A command injection vulnerability has been discovered in the Dynamic Host Configuration Protocol (DHCP) client included in Red Hat Enterprise Linux, which would allow a malicious actor capable of setting up a DHCP server or otherwise capable of spoofing DHCP responses on a local network to execute commands with root privileges.
The vulnerability—which is designated as CVE-2018-1111 by Red Hat—was discovered by Google engineer Felix Wilhelm, who noted that the proof-of-exploit code is small enough to fit in a tweet. Red Hat considers it a critical vulnerability, as noted in the bug report, indicating that it can be easily exploited by a remote unauthenticated attacker.
DHCP is used to assign an IP address, DNS servers, and other network configuration attributes to devices on a network. DHCP is used in both wired and wireless networks. Because exploiting this flaw requires nothing more than being on the same network as the target, the vulnerability is particularly concerning on systems likely to be connected to untrusted open Wi-Fi networks, which is more likely to affect Fedora users on laptops.
Ultimately, any non-segregated network that allows devices to join without explicit administrator approval—which is arguably the point of enabling DHCP to begin with—is a risk.
This bug affects RHEL 6.x and 7.x, as well as CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating systems built on top of Fedora/RHEL are likely to be affected, including HPE's ClearOS and Oracle Linux, as well as the recently discontinued Korora Linux. Because the issue relates to a NetworkManager integration script, it is unlikely to affect Linux distributions that are not related to Fedora or RHEL. RHEL 5 is not affected.
The big takeaways for tech leaders:
- A critical vulnerability in the DHCP client was discovered in RHEL, CentOS, and Fedora, which allows attackers to execute commands as root.
- This issue relates to a NetworkManager integration script, making it unlikely to affect Linux distributions which are not related to Fedora or RHEL.
James Sanders is a Tokyo-based programmer and technology journalist. Since 2013, he has been a regular contributor to TechRepublic and Tech Pro Research.