Red Hat has patched a vulnerability affecting the DHCP client packages that shipped with Red Hat Enterprise Linux 6 and 7. A successful exploit could give an attacker root access and full control over enterprise endpoints.
According to an alert issued Wednesday from US-CERT, the critical-rated flaw, first reported by Google researcher Felix Wilhelm, would “allow attackers to use malicious DHCP server responses to execute arbitrary commands on target systems over the local network,” if those systems use NetworkManager and are configured to obtain dynamic IP addresses.
An attack would take advantage of the way the DHCP protocol is used to dynamically assign IP addresses to computers; i.e., the fact that the endpoint clients essentially broadcast out a query over the local network to obtain an address from a DHCP server.
An attacker may be able to compromise the legitimate DHCP server itself in order to be able to send out the payload in the first place, Ayer added; or, he or she could set up a fake node on the network to masquerade as a legitimate DHCP server, sending out malicious, spoofed responses to normal network addressing queries. In both cases, the bad actor would need to be attached to the same local-area network as the targeted systems in order to exploit the flaw.
Submitted by: Arnfried Walbrecht