The vulnerability, tracked every bit CVE-2018-1111, could permit attackers to execute arbitrary commands amongst root privileges on targeted systems.
Whenever your organisation joins a network, it’s the DHCP client application which allows your organisation to automatically have network configuration parameters, such every bit an IP address together with DNS servers, from the DHCP (Dynamic Host Control Protocol) server.
The vulnerability resides inwards the NetworkManager integration script included inwards the DHCP client packages which is configured to obtain network configuration using the DHCP protocol.
Felix Wilhelm from the Google safety squad found that attackers amongst a malicious DHCP server, or connected to the same network every bit the victim, tin forcefulness out exploit this flaw yesteryear spoofing DHCP responses, eventually allowing them to run arbitrary commands amongst root privileges on the victim's organisation running vulnerable DHCP client.
Although amount details of the vulnerability accept non been released, Wilhelm claims his PoC exploit code is together with thence curt inwards length that it fifty-fifty tin forcefulness out gibe inwards a tweet.
Meanwhile, Barkın Kılıç, a safety researcher from Turkey, has released a tweetable proof-of-concept exploit code for the Red Hat Linux DHCP client vulnerability on Twitter.
"Users accept the pick to take away or disable the vulnerable script, exactly this volition preclude for certain configuration parameters provided yesteryear the DHCP server from beingness configured on a local system, such every bit addresses of the local NTP or NIS servers," Red Hat warns.
Fedora has likewise released novel versions of DHCP packages containing fixes for Fedora 26, 27, together with 28.
Other pop Linux distributions similar OpenSUSE together with Ubuntu create non seem to hold out impacted yesteryear the vulnerability, every bit their DHCP client implementation doesn't accept NetworkManager integration script yesteryear default.
