vulnerability

Ubuntu: (Multiple Advisories) (CVE-2016-2774): DHCP vulnerabilities

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Mar 9, 2016
Added
Mar 2, 2018
Modified
Apr 14, 2025

Description

Konstantin Orekhov discovered that the DHCP server incorrectly handled a
large number of concurrent TCP sessions. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774)

It was discovered that the DHCP server incorrectly handled socket
descriptors. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-3144)

Felix Wilhelm discovered that the DHCP client incorrectly handled certain
malformed responses. A remote attacker could use this issue to cause the
DHCP client to crash, resulting in a denial of service, or possibly execute
arbitrary code. In the default installation, attackers would be isolated by
the dhclient AppArmor profile. (CVE-2018-5732)

Felix Wilhelm discovered that the DHCP server incorrectly handled reference
counting. A remote attacker could possibly use this issue to cause the DHCP
server to crash, resulting in a denial of service. (CVE-2018-5733)

Solution(s)

ubuntu-upgrade-isc-dhcp-clientubuntu-upgrade-isc-dhcp-relayubuntu-upgrade-isc-dhcp-serverubuntu-upgrade-isc-dhcp-server-ldap
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.