DHCP IPC Connection Management Flaw Lets Remote Users on the Local Network Consume Excessive Resources on the Target System
|
SecurityTracker Alert ID: 1035196 |
SecurityTracker URL: http://securitytracker.com/id/1035196
|
CVE Reference:
CVE-2016-2774
(Links to External Site)
|
Date: Mar 8 2016
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 4.1.0 - 4.1-ESV-R12-P1, 4.2.0 - 4.2.8, 4.3.0 - 4.3.3-P1
|
Description:
A vulnerability was reported in ISC DHCP. A remote user on the local network can consume excessive resources on the target system.
A remote user on the local network can open a large number of TCP connections on the inter-process communications (IPC) and control ports to consume excessive resource on the target system. As a result, the target DHCP service may become unresponsive or fail.
Konstantin Orekhov reported this vulnerability.
|
Impact:
A remote user on the local network can cause the target DHCP service to become unresponsive or fail.
|
Solution:
The vendor has issued a fix (4.1-ESV-R13, 4.3.4).
The vendor's advisory is available at:
https://kb.isc.org/article/AA-01354
|
Vendor URL: kb.isc.org/article/AA-01354 (Links to External Site)
|
Cause:
Resource error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|