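Fedora and Red Hat Enterprise Linux DHCP package command injection vulnerability

Published: 2018-05-17 09:00:00
Vulnerability details
CNNVD ID: CNNVD-201805-523
CVE ID: CVE-2018-1111
Release date: 2018-05-17
Last updated: 2019-10-23
Severity: High
Vulnerability type: OS command injection
Threat type: Remote or local
Vendor: Fedoraproject
Vulnerability summary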

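Red Hat Enterprise Linux (RHEL) is a Linux operating system for enterprise users, maintained and released by the US company Red Hat. Fedora is a Linux-based operating system developed by the Fedora Project community and sponsored by Red Hat. The DHCP packages are the Dynamic Host Configuration Protocol software package shipped with both.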

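A command injection vulnerability exists in the NetworkManager integration script of the DHCP packages in Fedora 28 and earlier and in Red Hat Enterprise Linux 6 and 7. A local attacker can exploit this vulnerability by spoofing DHCP responses to execute arbitrary commands on the system with root privileges.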

Recommendation

The vendor has released patches that fix the vulnerability. The patches are available at:
https://access.redhat.com/security/vulnerabilities/3442151

References

Source: CONFIRM
Link: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1453

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1461

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1460

Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

Source: CONFIRM
Link: https://www.tenable.com/security/tns-2018-10

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1458

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1524

Source: BID
Link: http://www.securityfocus.com/bid/104195

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1459

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1456

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1457

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1454

Source: CONFIRM
Link: https://access.redhat.com/security/vulnerabilities/3442151

Source: EXPLOIT-DB
Link: https://www.exploit-db.com/exploits/44652/

Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2018:1455

Source: BID
Link: https://www.securityfocus.com/bid/104195

Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

Source: SECTRACK
Link: http://www.securitytracker.com/id/1040912

Source: EXPLOIT-DB
Link: https://www.exploit-db.com/exploits/44890/

Source: CONFIRM
Link: https://www.auscert.org.au/bulletins/80562

Source: www-01.ibm.com
Link: https://www-01.ibm.com/support/docview.wss?uid=ibm10882400