Code Execution Vulnerability in Red Hat DHCP Client Script

May 16, 2018 | Adeline Zhang

 

Red Hat released a security advisory on May 15 to fix a critical vulnerability (CVE-2018-1111) in the DHCP client. An attacker on the local network could use a malicious DHCP server or a spoofed DHCP response to execute arbitrary commands with root privileges on systems using NetworkManager that is configured to obtain network configuration using the DHCP protocol.

Reference link: https://access.redhat.com/security/vulnerabilities/3442151

Affected Versions

  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux Server 7

Unaffected Versions

Product | Package | Advisory/Update
Red Hat Enterprise Linux 7 (z-stream) | dhclient | RHSA-2018:1453
Red Hat Enterprise Linux 7.4 Extended Update Support * | dhclient | RHSA-2018:1455
Red Hat Enterprise Linux 7.3 Extended Update Support * | dhclient | RHSA-2018:1456
Red Hat Enterprise Linux 7.2 Advanced Update Support, Telco Extended Update Support, and Update Services for SAP Solutions **,***,**** | dhclient | RHSA-2018:1457
Red Hat Enterprise Linux 6 (z-stream) | dhclient | RHSA-2018:1454
Red Hat Enterprise Linux 6.7 Extended Update Support * | dhclient | RHSA-2018:1458
Red Hat Enterprise Linux 6.6 Advanced Update Support and Telco Extended Update Support **,*** | dhclient | RHSA-2018:1459
Red Hat Enterprise Linux 6.5 Advanced Update Support ** | dhclient | RHSA-2018:1460
Red Hat Enterprise Linux 6.4 Advanced Update Support ** | dhclient | RHSA-2018:1461

Reference link: https://access.redhat.com/security/vulnerabilities/3442151

Solution

Red Hat has released patches to fix this vulnerability. Users running affected versions of the dhclient package are strongly recommended to update packages as soon as possible.

Reference link: https://access.redhat.com/security/vulnerabilities/3442151