[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)

DJ-Pfulio DJPfulio at jdpfu.com
Thu May 17 11:46:12 EDT 2018 

All I see is
* RH and RH-based distros (fedora/centos/scientific....)
* networkmanager
* dhcp

So, purge network-manager and use static IPs, like you already know you
should. I don't see why they say network-manager, since it is about a
crafted DHCP payload. Wouldn't any DHCP tool be impacted similarly?

In the article, they talk about servers and mysql ... who would run
those on dhcp? Serious question - who and why?

Or just patch before you visit someone else's network and stop worrying.


On 05/17/2018 11:36 AM, James Taylor via Ale wrote:
> I guessing because he cut & pasted the headline from the article. No big deal.
> I'm curious, though, the article and the CERT advisory only reference Red Hat 6 & 7.
> There's no CVE number and they don't mention any other distributions.
> Is this a Red Hat only issue? Seems unlikely.
> -jt
>  
>  
> 
> James Taylor
> 678-697-9420
> james.taylor at eastcobbgroup.com
> 
> 
> 
>>>> "Lightner, Jeffrey via Ale" <ale at ale.org> 5/17/2018 11:30 AM >>> 
> And you're shouting because...?
> 
> As the article notes RedHat released patches already.   It also notes this is an issue only for systems that use dhcp and finally notes that one has to be on the same network with the machines in question.    The discussion notes this is more a user for laptop users on external wifi than for anything else.  
> 
> 
> -----Original Message-----
> From: Ale [mailto:ale-bounces at ale.org] On Behalf Of Scott M. Jones via Ale
> Sent: Thursday, May 17, 2018 11:13 AM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
> 
> CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS
> 
> (Threatpost)
> 
> https://threatpost.com/critical-linux-flaw-opens-the-door-to-full-root-access/132034/
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 


-- 
Got Linux? Used on smartphones, tablets, desktop computers, media
centers, and servers by kids, Moms, Dads, grandparents and IT
professionals.

More information about the Ale mailing list