Red Hat released a security advisory on May 15 for fixing a critical vulnerability (CVE-2018-1111)in the DHCP Client. An attacker on local network could use a malicious DHCP server or a spoofed DHCP response to execute arbitrary command with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.
Reference link:https://access.redhat.com/security/vulnerabilities/3442151
Affected Versions
- Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Server 7
Unaffected Versions
| Product | Package | Advisory/Update |
| Red Hat Enterprise Linux 7 (z-stream) | dhclient | RHSA-2018:1453 |
| Red Hat Enterprise Linux 7.4 Extended Update Support * | dhclient | RHSA-2018:1455 |
| Red Hat Enterprise Linux 7.3 Extended Update Support * | dhclient | RHSA-2018:1456 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support, Telco Extended Update Support, and Update Services for SAP Solutions **,***,**** | dhclient | RHSA-2018:1457 |
| Red Hat Enterprise Linux 6 (z-stream) | dhclient | RHSA-2018:1454 |
| Red Hat Enterprise Linux 6.7 Extended Update Support * | dhclient | RHSA-2018:1458 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support and Telco Extended Update Support **,*** | dhclient | RHSA-2018:1459 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support ** | dhclient | RHSA-2018:1460 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support ** | dhclient | RHSA-2018:1461 |
Reference link: https://access.redhat.com/security/vulnerabilities/3442151
Solution
Red Hat has released patches to fix these vulnerabilities. Users running affection versions of dhclient package are strongly recommended to update packages as soon as possible.
Reference link: https://access.redhat.com/security/vulnerabilities/3442151
