Red Hat admin? Get off Twitter and patch this DHCP client bug

Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a Tweetable proof-of-concept. Discovered by Googler Felix Wilhelm, CVE-2018-1111 is a command injection bug in the Red Hat Enterprise Linux and derivative DHCP clients. Wilhelm Tweeted: “CVE 2018-1111 is a …

  1. Anonymous Coward

    Is this dependent on Netcat?

    I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.

  2. Maventi

    Re: Is this dependent on Netcat?

    > I always wondered why netcat is installed in every 'nix...

    Except that it isn't; try a minimal RHEL or CentOS 7 install for example.

    What I would like to know however is why NetworkManager counts as necessary for a 'minimal' install.

  3. This post has been deleted by its author

  4. fandom Silver badge

    Re: Is this dependent on Netcat?

    "why NetworkManager counts as necessary for a 'minimal' install."

    Because it manages the network

  5. Symon Silver badge
    FAIL

    Re: Is this dependent on Netcat?

    "Like firewalld is a pointless Red Hat wrapper around iptables, NetworkManager is yet another pointless wrapper around already existing functionality."

    https://en.wikipedia.org/wiki/NetworkManager

    CentOS 6 ->

    chkconfig NetworkManager off

    chkconfig network on

    service NetworkManager stop

    service network start

    p.s. https://www.digitalocean.com/community/tutorials/how-to-migrate-from-firewalld-to-iptables-on-centos-7

  6. Anonymous Coward

    Re: Is this dependent on Netcat?

    > I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.

    Better not include gcc, ruby, python, perl, bash, or anything that can be programmed to open a socket then. (I do have a python telnet client script written up for that absurd practice of not including telnet client for the same exact reason).

    netcat is a tool with zero special abilities, the target is the problem. There are 1000s of things that can do the same job as netcat.

  7. HieronymusBloggs Silver badge

    Re: Is this dependent on Netcat?

    "Because it manages the network"

    ...for those who don't know how to do it using traditional Unix-type facilities.

  8. Gene Cash Silver badge

    Re: Is this dependent on Netcat?

    >> "Because it manages the network"

    > ...for those who don't know how to do it using traditional Unix-type facilities.

    And we wonder why RedHat invented systemd...

  9. Anonymous Coward

    Re: Is this dependent on Netcat?

    > And we wonder why RedHat invented systemd...

    Not as such. Poettering "invented" it (pinched it off?), RedHat compounded that transgression by inflicting it on everyone, using viral tentacles into Gnome et al.

    Every bit the "embrace and extend and ..." method.

    For all its faults and fragility, NetworkManager at least has the good graces to be avoidable, i.e. you don't need to use it if other methods suit you. For now. And to be fair, NetworkManager does seem to have improved somewhat over time -- I still don't use it anywhere near servers, but I've tried it on a migratory laptop and it's ... OK. Still no tangible benefit for me, but ... OK.

    I could be wrong, but my impression is reported NM bugs do seem to get addressed, seemingly without as much conflict and opposition from the maintainers as happens with systemd's devs ("it's not a bug, you're just doing it wrong").

  10. herman Silver badge

    I think one could do the same with any networked utility with an exec function such as ssh. Maybe even find could be made to work.

  11. Anonymous Coward

    A malicious dhcp *server* on your network can get a remote root shell on the (Red Hat) *client*

    This is because the dhcp client will execute shell stuff sent in a response from the dhcp server.

  12. JakeMS Silver badge
    Thumb Up

    And...

    Patched!

  13. Christian Berger Silver badge

    From the people who brought you...

    NetworkManager and Systemd

  14. BeardyOldUnixGit

    Re: From the people who brought you...

    Before you get on your high horse, note that *any* dhcp client which can in some way be convinced to set a shell variable from a DHCP response will be vulnerable to this sort of trick.

    The more good old-fashioned shell scripting you have in your setup, the bigger your attack surface.

  15. Sheepykins

    yum erase NetworkManager

  16. Symon Silver badge
    Trollface

    yum remove RedHat

    pkg install FreeBSD

  17. SiFly

    chroot

    Why doesn't it at least chroot into a safe(r) environment ...

  18. Alistair Silver badge

    Umm

    not installing NWM or DHCP client on managed server installations kinda helps here.

  19. jdavis255

    Looks like they patched the vulnerability well before they announced it

    [root@rhel75vm ~]# rpm -q --changelog dhcp-common | head

    * Tue Apr 24 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-68.1

    - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character
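
Added example, not part of any comment above and not Red Hat's patch: the changelog entry quoted in comment 19 says the fix stops parsing backslash as an escape character, and comment 14 points at shell scripts that turn DHCP responses into shell variables. The script below shows how the shell `read` builtin changes a line unless `-r` is given, and lints a script for `read` calls without it. Using `read` as the illustration is an assumption (the thread does not say which code the fix touched), and the sample line and sample hook script are constructed.

```shell
#!/bin/sh
# Added example: backslash handling in `read`, plus a heuristic lint for it.

# Return what the shell stores when the same line is read each way.
parse_plain() { printf '%s\n' "$1" | { IFS= read v; printf '%s' "$v"; }; }
parse_raw()   { printf '%s\n' "$1" | { IFS= read -r v; printf '%s' "$v"; }; }

# Print the line number of every `read` invoked without -r in a script on stdin.
# Heuristic: only the option words directly after `read` are inspected.
flag_unsafe_reads() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
      n = split($0, w, /[ \t;|&]+/)
      for (i = 1; i <= n; i++) {
        if (w[i] != "read") continue
        raw = 0
        for (j = i + 1; j <= n && w[j] ~ /^-/; j++)
          if (w[j] ~ /r/) raw = 1
        if (!raw) print NR
      }
    }'
}

# Constructed sample hook script (hypothetical, not the Red Hat script).
sample_script() {
  cat <<'EOF'
#!/bin/sh
# constructed sample
env | grep '^OPT_' | while read opt; do
  echo "$opt"
done
while IFS= read -r line; do
  echo "$line"
done < /etc/hostname
EOF
}

sample='host\ name=lab\\01'                  # constructed input line
printf 'plain: %s\n' "$(parse_plain "$sample")"
printf 'raw:   %s\n' "$(parse_raw "$sample")"
printf 'read without -r on line: %s\n' "$(sample_script | flag_unsafe_reads)"
```

The lint errs toward false positives: a call such as `read -p prompt -r var` is still flagged because inspection stops at the first non-option word.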


Biting the hand that feeds IT © 1998–2018