Is this dependent on Netcat?
I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.
Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a Tweetable proof-of-concept. Discovered by Googler Felix Wilhelm, CVE-2018-1111 is a command injection bug in the Red Hat Enterprise Linux and derivative DHCP clients. Wilhelm Tweeted: “CVE 2018-1111 is a …
"Like firewalld is a pointless Red Hat wrapper around iptables, NetworkManager is yet another pointless wrapper around already existing functionality."
CentOS 6 ->
chkconfig NetworkManager off
chkconfig network on
service NetworkManager stop
service network start
> And we wonder why RedHat invented systemd...
Not as such. Poettering "invented" it (pinched it off?), RedHat compounded that transgression by inflicting it on everyone, using viral tentacles into Gnome et al.
Every bit the "embrace and extend and ..." method.
For all its faults and fragility, NetworkManager at least has the good graces to be avoidable, i.e. you don't need to use it if other methods suit you. For now. And to be fair, NetworkManager does seem to have improved somewhat over time -- I still don't use it anywhere near servers, but I've tried it on a migratory laptop and it's ... OK. Still no tangible benefit for me, but ... OK.
I could be wrong, but my impression is reported NM bugs do seem to get addressed, seemingly without as much conflict and opposition from the maintainers as happens with systemd's devs ("it's not a bug, you're just doing it wrong").
> I always wondered why netcat is installed in every 'nix and Android OS if it can be abused.
Better not include gcc, ruby, python, perl, bash, or anything that can be programmed to open a socket then. (I do have a python telnet client script written up for that absurd practice of not including telnet client for the same exact reason).
netcat is a tool with zero special abilities; the target is the problem. There are 1000s of things that can do the same job as netcat.
Before you get on your high horse, note that *any* dhcp client which can in some way be convinced to set a shell variable from a DHCP response will be vulnerable to this sort of trick.
The more good old-fashioned shell scripting you have in your setup, the bigger your attack surface.
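Added example (not from the article, any commenter, or Red Hat's fix): one way a DHCP hook script can allowlist name-like option values before any shell code touches them. The function names and the sample option lines are constructed for illustration, and the allowlist only suits hostname or domain style values.

```shell
#!/bin/sh
# Added example: filter DHCP-supplied "name=value" options before a hook
# script uses them. Function names are hypothetical; sample data is constructed.

LC_ALL=C; export LC_ALL   # make A-Z style ranges in patterns byte-exact

# Return 0 only if $1 is non-empty, does not start with '-', and contains
# nothing but letters, digits, dots and hyphens.
is_safe_dhcp_value() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read one "name=value" option per line on stdin. Print only lines whose
# name is identifier-like and whose value passes the allowlist; report the
# rest on stderr. Values are never eval'd or re-parsed as shell code.
filter_dhcp_options() {
    while IFS= read -r line; do
        case "$line" in
            *=*) ;;
            *) continue ;;                       # no '=' at all: ignore
        esac
        name=${line%%=*}
        value=${line#*=}
        case "$name" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        if is_safe_dhcp_value "$value"; then
            printf '%s=%s\n' "$name" "$value"
        else
            printf 'rejected DHCP option %s\n' "$name" >&2
        fi
    done
}

# Constructed sample: two ordinary values and two carrying shell metacharacters.
sample_options() {
    cat <<'EOF'
new_domain_name=example.test
new_host_name=laptop-01
new_option_a=x'; echo injected #
new_option_b=$(id)
EOF
}

sample_options | filter_dhcp_options
```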