Wind River Support Network

HomeDefectsLIN9-6288

Fixed

LIN9-6288 : Security Advisory - dhcp - CVE-2017-3144

Created: Jan 30, 2018 Updated: Feb 12, 2019

Resolved Date: Feb 6, 2018

Found In Version: 9.0.0.13

Fix Version: 9.0.0.15

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

It was found that omapi code doesn't free socket descriptor if empty message was sent by client, which allows malicious client to use up all available descriptors causing Denial of Service

https://nvd.nist.gov/vuln/detail/CVE-2017-3144

Other Downloads

Wind River Linux 9.0.0.15
Wind River Linux 9.0.0.16
Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2017-3144