Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
DHCP:RQST:ISC-DOS |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
DHCP |
Keywords |
ISC DHCP TCP Session Exhaustion Denial of Service |
Release Date |
2016/06/09 |
Update Number |
2738 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
DHCP: ISC DHCP TCP Session Exhaustion Denial of Service
This signature detects attempts to exploit a known vulnerability against DHCP Server. A successful attack can result in a denial-of-service condition.
Extended Description
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Affected Products
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 17.10
- Debian debian_linux 8.0
- Isc dhcp 4.1.0
- Isc dhcp 4.1.1
- Isc dhcp 4.1.2
- Isc dhcp 4.1-esv
- Isc dhcp 4.2.0
- Isc dhcp 4.2.1
- Isc dhcp 4.2.2
- Isc dhcp 4.2.3
- Isc dhcp 4.2.4
- Isc dhcp 4.2.5
- Isc dhcp 4.2.6
- Isc dhcp 4.2.7
- Isc dhcp 4.2.8
- Isc dhcp 4.3.0
- Isc dhcp 4.3.1
- Isc dhcp 4.3.2
- Isc dhcp 4.3.3
References
- CVE: CVE-2017-3144
- CVE: CVE-2016-2774
- URL: https://kb.isc.org/article/aa-01354