Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

Failure to properly clean up closed OMAPI connections can exhaust available sockets

Disclosure Date: January 16, 2019
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • canonical,
  • debian,
  • isc,
  • redhat

Products

  • debian linux 8.0,
  • debian linux 9.0,
  • dhcp,
  • dhcp 4.1-esv,
  • dhcp 4.1.0,
  • enterprise linux desktop 7.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server eus 7.4,
  • enterprise linux server eus 7.5,
  • enterprise linux server eus 7.6,
  • enterprise linux server tus 7.4,
  • enterprise linux server tus 7.6,
  • enterprise linux workstation 7.0,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 17.10
Technical Analysis