CVE-2017-3144 Amazon Linux Security Advisory for dhcp: ALAS2-2018-963

漏洞类别:Amazon Linux

漏洞等级:

漏洞信息

Omapi code doesn’t free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144 )

漏洞危害

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

解决方案

Please refer to Amazon advisory ALAS-2018-963 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2018-963: Amazon Linux (dhcp (4.2.5-58.amzn2.1.2) on src)

ALAS-2018-963: Amazon Linux (dhcp (4.2.5-58.amzn2.1.2) on x86_64)

Leave a Reply