[Triumf-linux-managers] "critical" update for dhclient on RHEL/CentOS/SL
Andrew Daviel
advax at triumf.ca
Thu May 17 14:49:53 PDT 2018
This is only known to affect Linux distributions based on RHEL 6 or 7,
i.e. CentOS or Scientific Linux.

A command injection flaw was found in a script included in the DHCP
client package in Red Hat Enterprise Linux 6 and 7. A malicious DHCP
server, or an attacker on the local network able to spoof DHCP
responses, could use this flaw to execute arbitrary commands with root
privileges on systems using NetworkManager with DHCP enabled.

See https://ccn.triumf.ca/security/linux/vulnerabilities/cve-2018-1111
and check that dhclient is updated through May 2018.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
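
One way to script the check the message asks for, as an added example that is not part of the original post. It classifies the output of `rpm -q --changelog dhclient`; the function names and the sample changelogs are constructed, and it assumes the packager names the CVE in the changelog entry that fixes it.

```bash
#!/bin/bash
# Added example, not from the original post: classify a dhclient RPM changelog.
CVE="CVE-2018-1111"

# Reads changelog text on stdin and prints one of:
#   patched  - an entry names the CVE (assumes the packager records CVE ids)
#   recent   - newest entry is May 2018 or later, CVE not named: verify by hand
#   outdated - newest entry predates May 2018
changelog_status() {
    awk -v cve="$CVE" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
            newest = 0
        }
        # Entry header: "* Tue May 15 2018 Packager <mail> - version"
        /^\* / && ($3 in mon) && $5 ~ /^[0-9][0-9][0-9][0-9]$/ {
            stamp = $5 * 100 + mon[$3]          # YYYYMM
            if (stamp > newest) newest = stamp
            next
        }
        index($0, cve) { found = 1 }
        END {
            if (found) print "patched"
            else if (newest >= 201805) print "recent"
            else print "outdated"
        }'
}

# Runs the check against the installed package (needs rpm on the host).
check_installed() {
    rpm -q dhclient >/dev/null 2>&1 || { echo "not-installed"; return 0; }
    rpm -q --changelog dhclient | changelog_status
}

# Constructed sample changelogs (placeholder packager and versions).
SAMPLE_FIXED='* Tue May 15 2018 Example Packager <pkg@example.org> - 0.0-fixed
- Fix CVE-2018-1111 (constructed entry)

* Mon Jan 08 2018 Example Packager <pkg@example.org> - 0.0-old
- Unrelated change'
SAMPLE_OLD='* Mon Jan 08 2018 Example Packager <pkg@example.org> - 0.0-old
- Unrelated change'
SAMPLE_RECENT='* Wed Jun 20 2018 Example Packager <pkg@example.org> - 0.0-later
- Rebuild, no CVE named'
for s in "$SAMPLE_FIXED" "$SAMPLE_OLD" "$SAMPLE_RECENT"; do
    printf '%s\n' "$s" | changelog_status
done
```

On a RHEL, CentOS or Scientific Linux host, call `check_installed`; a result of `recent` means the package is new enough by date but should still be confirmed against the vendor advisory.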