CVE-2016-2774
Published 2016-03-09
Priority P346 · medium · 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 73.62% (99.4th percentile)
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | isc-dhcp | < isc-dhcp 4.3.4-1 (bookworm) | isc-dhcp 4.3.4-1 (bookworm) |
| erlang | erlang_otp | >= 0 < 1:16.b.3-dfsg-1ubuntu2.2 | 1:16.b.3-dfsg-1ubuntu2.2 |
| erlang | erlang_otp | >= 0 < 1:18.3-dfsg-1ubuntu3.1 | 1:18.3-dfsg-1ubuntu3.1 |
| isc | dhcp | — | — |
Detection & IOCs (extracted from sources)
- Check dhcpd configuration files for 'failover' or 'omapi-port' directives to identify potentially vulnerable/exposed deployments.
- Use netstat to check if dhcpd has any open TCP sockets on OMAPI (default 7911) or failover (default 647) ports, indicating exposure to this DoS vector.
- Monitor for a large number of concurrent TCP connections to OMAPI port (7911) or failover port (647) from untrusted or unexpected source IPs: the attack involves opening many connections and never closing them.
- OMAPI port has no source-IP restriction in dhcpd; the failover port drops connections from non-peer IPs, making OMAPI the higher-risk attack surface.
- Look for dhcpd INSIST assertion failure messages in logs, which can indicate this DoS condition has been triggered.
- Vulnerability only affects dhcpd deployments that have OMAPI or DHCP failover configured; default configurations without these directives are not affected.
- When dhcpd configuration is stored in LDAP, searching only dhcpd.conf for 'failover' and 'omapi-port' directives is insufficient to determine exposure.
- Upstream patched versions cap concurrent connections at 200 by default (MAX_FD_VALUE in includes/site.h); a value of 0 means unlimited and restores vulnerable behavior.
- Red Hat Enterprise Linux 5 and 6 dhcp packages are marked 'Will not fix' for this CVE.
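The configuration and socket checks listed above, as an added shell example that is not part of the original page or of any vendor advisory. The function names, the per-source threshold of 20 and the sample addresses are assumptions; the ports are the defaults named above, and the config check covers file-based configuration only, not LDAP.

```shell
#!/bin/sh
# Added example: exposure and connection-count checks for CVE-2016-2774.
# Ports default to the values named above; pass others if your config differs.

# List failover / omapi-port directives in a dhcpd config file, comments stripped.
# Exit status is non-zero when neither directive is present.
dhcpd_tcp_directives() {
    sed 's/#.*//' "$1" |
        grep -nE '(^|[[:space:]])(omapi-port|failover)([[:space:]]|;|$)'
}

# Read `netstat -tn` output on stdin and print "source port count" for every
# remote address holding at least $1 established sessions to the ports in $2.
tcp_session_hogs() {
    awk -v limit="${1:-20}" -v ports="${2:-7911 647}" '
        BEGIN { split(ports, p, " "); for (i in p) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            if (!(port in watch)) next
            src = $5; sub(/:[^:]*$/, "", src)    # drop the remote port
            n[src " " port]++
        }
        END { for (k in n) if (n[k] >= limit) print k, n[k] }
    ' | sort
}

# Constructed sample input (documentation addresses), not captured traffic.
sample_netstat() {
    echo 'Proto Recv-Q Send-Q Local Address    Foreign Address     State'
    echo 'tcp 0 0 192.0.2.10:7911 192.0.2.20:40100 ESTABLISHED'
    i=0
    while [ "$i" -lt 25 ]; do
        echo "tcp 0 0 192.0.2.10:7911 198.51.100.7:$((50000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo 'tcp 0 0 192.0.2.10:647 203.0.113.5:41000 ESTABLISHED'
    echo 'tcp 0 0 192.0.2.10:22 198.51.100.7:42000 ESTABLISHED'
}

# Live use: netstat -tn | tcp_session_hogs 20
sample_netstat | tcp_session_hogs 20
```

On a live host, compare the per-source counts against the set of expected OMAPI clients and failover peers rather than relying on the threshold alone.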
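CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |
| vendor_ubuntu | | 5.9 | MEDIUM | |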
Ubuntu
DHCP vulnerabilities
vendor_ubuntu·2018-03-01·CVSS 5.9
CVE-2016-2774 [MEDIUM] DHCP vulnerabilities
Title: DHCP vulnerabilities
Summary: Several security issues were fixed in DHCP.
Konstantin Orekhov discovered that the DHCP server incorrectly handled a
large number of concurrent TCP sessions. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774)
It was discovered that the DHCP server incorrectly handled socket
descriptors. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-3144)
Felix Wilhelm discovered that the DHCP client incorrectly handled certain
malformed responses. A remote attacker could use this issue to cause the
DHCP client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, at
Red Hat
dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
vendor_redhat·2016-03-07·CVSS 5.9
CVE-2016-2774 [MEDIUM] CWE-400 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding to requests, or exhaust system sockets (denial of service).
Package: dhcp (Red Hat Enterprise Linux 5) - Will not fix
Package: dhcp (Red Hat Enterprise Linux 6) - W
Debian
CVE-2016-2774: isc-dhcp - ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not rest...
vendor_debian·2016·CVSS 5.9
CVE-2016-2774 [MEDIUM] CVE-2016-2774: isc-dhcp - ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not rest...
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Scope: local
bookworm: resolved (fixed in 4.3.4-1)
bullseye: resolved (fixed in 4.3.4-1)
sid: resolved (fixed in 4.3.4-1)
trixie: resolved (fixed in 4.3.4-1)
GHSA
GHSA-rg7r-5jqm-6r7j: ISC DHCP 4
ghsa_unreviewed·2022-05-13
CVE-2016-2774 [HIGH] CWE-20 GHSA-rg7r-5jqm-6r7j: ISC DHCP 4
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
OSV
isc-dhcp vulnerabilities
osv·2018-03-01·CVSS 5.9
CVE-2016-2774 [MEDIUM] isc-dhcp vulnerabilities
Konstantin Orekhov discovered that the DHCP server incorrectly handled a
large number of concurrent TCP sessions. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774)
It was discovered that the DHCP server incorrectly handled socket
descriptors. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-3144)
Felix Wilhelm discovered that the DHCP client incorrectly handled certain
malformed responses. A remote attacker could use this issue to cause the
DHCP client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated by
the dhclient AppArmor profil
OSV
erlang vulnerabilities
osv·2018-02-14·CVSS 7.5
CVE-2014-1693 erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain
CRLF sequences. A remote attacker could possibly use this issue to inject
arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-1693)
It was discovered that Erlang incorrectly checked CBC padding bytes. A
remote attacker could possibly use this issue to perform a padding oracle
attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.
(CVE-2015-2774)
It was discovered that Erlang incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Erlang to crash, resulting in a denial of service, or execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)
Hanno Böck, Juraj Somorovsky and Crai
OSV
CVE-2016-2774: ISC DHCP 4
osv·2016-03-09·CVSS 5.9
CVE-2016-2774 [MEDIUM] CVE-2016-2774: ISC DHCP 4
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-2774 dhcp: Opening and never closing TCP connections can cause DoS [fedora-all]
bugzilla·2016-03-08·CVSS 5.9
CVE-2016-2774 [MEDIUM] CVE-2016-2774 dhcp: Opening and never closing TCP connections can cause DoS [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
bugzilla·2016-03-07·CVSS 5.9
CVE-2016-2774 [MEDIUM] CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
It was reported that ISC DHCP server does not effectively limit the number of simultaneous open TCP connections to the ports the server uses for inter-process communications and control. Because of this, a malicious party could interfere with server operation by opening (and never closing) a large number of TCP connections to the server.
As a result, the server may deliberately exit after encountering an INSIST failure (server version dependent), or may become unresponsive and stop answering client requests, or may continue operating but not be able to accept further connections from OMAPI clients or failover peers. If no limits are inherited from the environment, the server may consume all available sock
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.html
- http://rhn.redhat.com/errata/RHSA-2016-2590.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/84208
- http://www.securitytracker.com/id/1035196
- https://kb.isc.org/article/AA-01354
- https://lists.debian.org/debian-lts-announce/2019/11/msg00023.html
- https://usn.ubuntu.com/3586-1/
Published: 2016-03-09