Fedora和Red Hat Enterprise Linux DHCP包命令注入漏洞
+ 查看更多
Red Hat Enterprise Linux(RHEL)是美国红帽(Red Hat)公司维护和发布的一套面向企业用户的Linux操作系统。Fedora是由Fedora项目社区开发、美国红帽(Red Hat)公司赞助的一套基于Linux的操作系统。DHCP packages是其中的一个动态主机配置协议软件包。
Fedora 28及之前版本、Red Hat Enterprise Linux 6和7中的DHCP包的NetworkManager integration脚本存在命令注入漏洞。本地攻击者可通过伪造DHCP响应利用该漏洞在系统以root权限执行任意命令。
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://access.redhat.com/security/vulnerabilities/3442151
来源:CONFIRM
链接:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1453
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1461
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1460
来源:CONFIRM
链接:https://www.tenable.com/security/tns-2018-10
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1458
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1524
来源:BID
链接:http://www.securityfocus.com/bid/104195
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1459
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1456
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1457
来源:REDHAT
链接::https://access.redhat.com/errata/RHSA-2018:1454
来源:CONFIRM
链接:https://access.redhat.com/security/vulnerabilities/3442151
来源:EXPLOIT-DB
链接:https://www.exploit-db.com/exploits/44652/
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2018:1455
来源:BID
链接:https://www.securityfocus.com/bid/104195
来源:SECTRACK
链接:http://www.securitytracker.com/id/1040912
来源:EXPLOIT-DB
链接::https//www.exploit-db.com/exploits/44890/
来源:CONFIRM
链接:https://www.auscert.org.au/bulletins/80562
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10882400