back to article Red Hat admin? Get off Twitter and patch this DHCP client bug

Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a Tweetable proof-of-concept. Discovered by Googler Felix Wilhelm, CVE-2018-1111 is a command injection bug in the Red Hat Enterprise Linux and derivative DHCP clients. Wilhelm Tweeted: “CVE 2018-1111 is a …

Anonymous Coward

Is this dependent on Netcat?

I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.

0
11

Re: Is this dependent on Netcat?

> I always wondered why netcat is installed in every 'nix...

Except that it isn't; try a minimal RHEL or CentOS 7 install for example.

What I would like to know however is why NetworkManager counts as necessary for a 'minimal' install.

17
0

This post has been deleted by its author

Re: Is this dependent on Netcat?

"why NetworkManager counts as necessary for a 'minimal' install."

Because it manages the network

1
15
Silver badge
FAIL

Re: Is this dependent on Netcat?

"Like firewalld is a pointless Red Hat wrapper around iptables, NetworkManager is yet another pointless wrapper around already existing functionality."

https://en.wikipedia.org/wiki/NetworkManager

CentOS 6 ->

chkconfig NetworkManager off

chkconfig network on

service NetworkManager stop

service network start

p.s. https://www.digitalocean.com/community/tutorials/how-to-migrate-from-firewalld-to-iptables-on-centos-7

12
0
Anonymous Coward

Re: Is this dependent on Netcat?

> I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.

Better not include gcc, ruby, python, perl, bash, or anything that can be programmed to open a socket then. (I do have a python telnet client script written up for that absurd practice of not including telnet client for the same exact reason).

netcat is a tool with zero special abilities, the target is the problem. There are 1000's of things that can do the same job as netcat.

5
0
Silver badge

Re: Is this dependent on Netcat?

"Because it manages the network"

...for those who don't know how to do it using traditional Unix-type facilities.

7
0
Silver badge

Re: Is this dependent on Netcat?

>> "Because it manages the network"

> ...for those who don't know how to do it using traditional Unix-type facilities.

And we wonder why RedHat invented systemd...

2
1
Anonymous Coward

Re: Is this dependent on Netcat?

> And we wonder why RedHat invented systemd...

Not as such. Poettering "invented" it (pinched it off?), RedHat compounded that transgression by inflicting it on everyone, using viral tentacles into Gnome et al.

Every bit the "embrace and extend and ..." method.

For all its faults and fragility, NetworkManager at least has the good graces to be avoidable, i.e. you don't need to use it if other methods suit you. For now. And to be fair, NetworkManager does seem to have improved somewhat over time -- I still don't use it anywhere near servers, but I've tried it on a migratory laptop and it's ... OK. Still no tangible benefit for me, but ... OK.

I could be wrong, but my impression is reported NM bugs do seem to get addressed, seemingly without as much conflict and opposition from the maintainers as happens with systemd's devs ("it's not a bug, you're just doing it wrong").

1
0
Silver badge

I think one could do the same with any networked utility with an exec function such as ssh. Maybe even find could be made to work.

3
1
Anonymous Coward

A malicious dhcp *server* on your network can get a remote root shell on the (Red Hat) *client*

This is because the dhcp client will execute shell stuff sent in a response from the dhcp server.

5
0
Silver badge
Thumb Up

And...

Patched!

1
1
Silver badge

From the people who brought you...

NetworkManager and Systemd

13
3

Re: From the people who brought you...

Before you get on your high horse, note that *any* dhcp client which can in some way be convinced to set a shell variable from a DHCP response will be vulnerable to this sort of trick.

The more good old-fashioned shell scripting you have in your setup, the bigger your attack surface.

6
1

yum erase NetworkManager

8
0
Silver badge
Trollface

yum remove RedHat

pkg install FreeBSD

8
2

chroot

Why doesn't it at least chroot into a safe(r) environment ...

0
1
Silver badge

Umm

not installing NWM or DHCP client on managed server installations kinda helps here.

5
1

Looks like they patched the vulnerability well before they announced it

[root@rhel75vm ~]# rpm -q --changelog dhcp-common | head

* Tue Apr 24 2018 Pavel Zhukov <pzhukov@redhat.com> - 12:4.2.5-68.1

- Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character

2
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018