Hi,
I have just seen this on Tech republic:
https://www.techrepublic.com/article/linux-admins-dire-vulnerability-gives-attackers-root-access-in-rhel-centos-fedora/?ftag=TRE684d531&bhid=27503898694594683706162444305349
Also there is a mitigation for it here:
https://fedoramagazine.org/protect-fedora-system-dhcp-flaw/
Can any of the experts here confirm that this affects ClearOS and also will the mitigation work on ClearOS?
I don't think it's likely to pose any threats as the machines I have set up are not in places where Wi-Fi access is granted to the general public, but there may be other users here who are affected?
Siv
I have just seen this on Tech republic:
https://www.techrepublic.com/article/linux-admins-dire-vulnerability-gives-attackers-root-access-in-rhel-centos-fedora/?ftag=TRE684d531&bhid=27503898694594683706162444305349
Also there is a mitigation for it here:
https://fedoramagazine.org/protect-fedora-system-dhcp-flaw/
Can any of the experts here confirm that this affects ClearOS and also will the mitigation work on ClearOS?
I don't think it's likely to pose any threats as the machines I have set up are not in places where Wi-Fi access is granted to the general public, but there may be other users here who are affected?
Siv
In DHCP Server
Share this post:
Accepted Answer
A few people have installed Gnome or similar on their ClearOS system and therefore have probably installed NetworkManager - they will require CVE-2018-1111 to be safe against this flaw. Since you don't have NetworkManager installed - then sleep soundly Dave indicated the update is coming.
Incidentally, NetworkManager does help in a few cases if you are using the OS on a Workstation or laptop, but is a annoyance on a server. I disable it as it tends to change things under the covers...
Incidentally, NetworkManager does help in a few cases if you are using the OS on a Workstation or laptop, but is a annoyance on a server. I disable it as it tends to change things under the covers...
Responses (10)
-
Accepted Answer
The mitigation I saw is to update the dhcp packages and they are not available at the moment. Also ClearOS does not use NetworkManager so I don't know if it is vulnerable or not. It does, however, use the underlying dhcp packages and when a fix is pushed through Centos we will get them whatever. -
Accepted Answer
Nick,
Thanks for your reply.
I wasn't sure if ClearOS used network manager but thought I should raise it in case the community hadn't seen it.
I don't think my systems are vulnerable as I use it in my own home system with no public access to the network via Wi-Fi and the small business clients I have put it on don't either so unless there is a way to hack through from the internet side (which I got the impression from the articles wasn't the case), then hopefully we should be OK.
Siv -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Graham Sivilll wrote:
The simple answer is yes you can, but that is not what you want to hear. You want to hear how to do it. I did it many moons ago but I can't find out how! I'll keep looking.
Nick,
Is there a way that you can set that when you view posts here they are in "Oldest" to "youngest" format. I know you can set it each time you visit a posts page but I would like to set it as a preference and I can't find a way to do that so it always starts with "Latest" format?
Siv -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Tony,
So presumably we will get the same update in due course!?
I get the feeling from Dave Loper that he doesn't see this as an issue for ClearOS users unless you have installed NetworkManager which I have not, so I will keep watching the updates to see if anything DHCP related appears.
Siv -
Accepted Answer
Tony Ellis wrote:
A few people have installed Gnome or similar on their ClearOS system and therefore have probably installed NetworkManager - they will require CVE-2018-1111 to be safe against this flaw. Since you don't have NetworkManager installed - then sleep soundly Dave indicated the update is coming.
Incidentally, NetworkManager does help in a few cases if you are using the OS on a Workstation or laptop, but is an annoyance on a server. I disable it as it tends to change things under the covers...
Tony,
Thanks, I will!
Siv
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »