漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144 )
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2018-963 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2018-963: Amazon Linux (dhcp (4.2.5-58.amzn2.1.2) on src)
ALAS-2018-963: Amazon Linux (dhcp (4.2.5-58.amzn2.1.2) on x86_64)
0daybank
文章评论