Hazardous Command Injection Vulnerability Fixed in Red Hat Linux

A serious flaw in the DHCP client in Red Hat Enterprise Linux could allow an attacker to execute arbitrary commands on affected systems. The vulnerability was reported by Felix Wilhelm of Google's Security Team and is tracked as CVE-2018-1111. The flaw was found in the NetworkManager integration script included in the DHCP client packages.

The flaw has a CVSS3 Base Score of 7.5 and can be exploited without special privileges. However, an attacker targeting the vulnerability could execute arbitrary commands with root privileges on vulnerable Red Hat systems.

A central server can be used to configure network-related settings on hosts through the DHCP protocol. When connecting to a network, a host can issue DHCP requests to obtain network configuration parameters such as the IP address, default router IP, DNS servers, and the like.

The DHCP client package in Red Hat includes a script for the NetworkManager component. The script is executed each time NetworkManager receives a DHCP response from a DHCP server. Therefore, a malicious DHCP response could be used to cause the script to execute arbitrary shell commands.

“A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol,” Red Hat explains.
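The article does not reproduce the affected script, so the following is an added, generic illustration of the bug class described above and is not Red Hat's code: a shell hook that lets the shell re-parse a server-supplied option value, next to a hardened version that validates the value and keeps it as data. The function names and sample values are hypothetical and constructed for this example.

```shell
#!/bin/sh
# Added illustration only: NOT the NetworkManager/dhclient script from the advisory.
# Both functions receive one DHCP option value as untrusted text in $1.

# Unsafe pattern: eval re-parses the value, so shell metacharacters
# inside it are executed as code by the hook (which runs as root).
unsafe_store() {
    INJECTED=0
    eval "stored=$1"      # server-controlled text becomes shell syntax
    echo "$INJECTED"      # 1 means extra code from the value was executed
}

# Hardened pattern: no eval, and an allowlist of characters that can
# appear in a hostname, domain name or IP address. Anything else is rejected.
safe_store() {
    case "$1" in
        ''|*[!A-Za-z0-9.:_-]*) return 1 ;;   # empty or disallowed character
    esac
    stored=$1             # plain assignment: the value stays data
    printf '%s\n' "$stored"
}

# Constructed sample option values (not captured traffic).
GOOD='ns1.example.com'
BAD='ns1.example.com; INJECTED=1'   # harmless marker standing in for a command

printf 'unsafe, benign value: injected=%s\n' "$(unsafe_store "$GOOD")"
printf 'unsafe, hostile value: injected=%s\n' "$(unsafe_store "$BAD")"
printf 'safe, benign value: %s\n' "$(safe_store "$GOOD")"
if safe_store "$BAD" >/dev/null; then
    echo 'safe, hostile value: accepted'
else
    echo 'safe, hostile value: rejected'
fi
```

The same review question applies to any hook that consumes DHCP options: does any code path hand the server-supplied string back to the shell parser (`eval`, unquoted expansion, `sh -c`)?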
