CVSS: 7.5EPSS: 14%CPEs: 51EXPL: 0CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 92%CPEs: 95EXPL: 0CVE-2016-2774 – dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
https://notcve.org/view.php?id=CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. ISC DHCP 4.1.x en versiones anteriores a 4.1-ESV-R13 y 4.2.x y 4.3.x en versiones anteriores a 4.3.4 no restringe el número de sesiones TCP concurrentes, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción INSIST o interrupción de procesamiento de petición) estableciendo muchas sesiones. A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding requests, or exhaust system sockets (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html http://rhn.redhat.com/errata/RHSA-2016-2590.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/84208 http://www.securitytracker.com/id/1035196 https://kb.isc.org/article/AA-01354 https://lists.debian.org&#x • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 5%CPEs: 93EXPL: 0CVE-2015-8605
https://notcve.org/view.php?id=CVE-2015-8605
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. ISC DHCP 4.x en versiones anteriores a 4.1-ESV-R12-P1, 4.2.x y 4.3.x en versiones anteriores a 4.3.3-P1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una longitud de campo no válida en un paquete UDP IPv4. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html http://www.debian.org/security/2016/dsa-3442 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/80703 http://www.securitytracker.com/id/1034657 http&# • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 2%CPEs: 31EXPL: 0CVE-2012-3955 – dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
https://notcve.org/view.php?id=CVE-2012-3955
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. ISC DHCP v4.1-4.1.x antes de v4.1-ESV-R7 y v4.2.x antes de v4.2.4-P2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) en determinadas circunstancias mediante el establecimiento de un 'lease' IPv6 en un entorno donde la expiración del leasing es posteriormente reducida. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html http://rhn.redhat.com/errata/RHSA-2013-0504.html http://s •
CVSS: 6.1EPSS: 7%CPEs: 33EXPL: 1CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1140.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •