[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)

Jim Kinney jim.kinney at gmail.com
Thu May 17 11:40:39 EDT 2018


only impacts RHEL and Fedora (and CentOS and Scientific Linux)
It's very specific in the way a script in NetworkManager handles
returning data from a DHCP server. The script runs as root and can be
overrun with remote shell commands. Oops.
On Thu, 2018-05-17 at 11:36 -0400, James Taylor via Ale wrote:
> I guessing because he cut & pasted the headline from the article. No
> big deal.
> I'm curious, though, the article and the CERT advisory only reference
> Red Hat 6 & 7.
> There's no CVE number and they don't mention any other distributions.
> Is this a Red Hat only issue? Seems unlikely.
> -jt
>  
>  
> 
> James Taylor
> 678-697-9420
> james.taylor at eastcobbgroup.com
> 
> 
> 
> > > > "Lightner, Jeffrey via Ale" <ale at ale.org> 5/17/2018 11:30 AM
> > > > >>> 
> 
> And you're shouting because...?
> 
> As the article notes RedHat released patches already.   It also notes
> this is an issue only for systems that use dhcp and finally notes
> that one has to be on the same network with the machines in
> question.    The discussion notes this is more a user for laptop
> users on external wifi than for anything else.  
> 
> 
> -----Original Message-----
> From: Ale [mailto:ale-bounces at ale.org] On Behalf Of Scott M. Jones
> via Ale
> Sent: Thursday, May 17, 2018 11:13 AM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS
> (RHE)
> 
> CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS
> 
> (Threatpost)
> 
> https://threatpost.com/critical-linux-flaw-opens-the-door-to-full-roo
> t-access/132034/
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20180517/19f237f0/attachment.html>


More information about the Ale mailing list