BLSA-2018:0017 – [Critical] DHCP security update




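    Description

           The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to obtain their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide the relay agent and the ISC DHCP service required to enable and administer DHCP on a network. A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems that use NetworkManager and are configured to obtain network configuration using the DHCP protocol.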

    Affected versions

    • BigCloud Enterprise Linux 7.3
    • BigCloud Enterprise Linux 7.2
    • Red Hat Enterprise Linux 7.3
    • Red Hat Enterprise Linux 7.2
    • CentOS Linux 7.3
    • CentOS Linux 7.2

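    Details

    Security fix

    [CVE-2018-1111 [Critical]]

    A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems that use NetworkManager and are configured to obtain network configuration using the DHCP protocol.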

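    Solution

    The official BCLinux repositories now provide updated DHCP packages. Affected BCLinux 7.2 client users need to upgrade to version 4.2.5-42.el7_2.bclinux.1.x86_64, and affected BCLinux 7.3 client users need to upgrade to version 4.2.5-47.el7_3.bclinux.1.x86_64.

    1. Check the YUM repository settings and make sure the official BCLinux YUM repositories are in use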
    [root@BCLinux7_3 ~]# ls -l /etc/yum.repos.d/
    total 24
    -rw-r--r--. 1 root root  970 Mar 29 04:26 BCLinux-Base.repo
    -rw-r--r--. 1 root root 1512 Apr  9  2017 BCLinux-CR.repo
    -rw-r--r--. 1 root root  676 Apr  9  2017 BCLinux-Debuginfo.repo
    -rw-r--r--. 1 root root 1220 Apr  9  2017 BCLinux-Kernel.repo
    -rw-r--r--. 1 root root 1027 Apr  9  2017 BCLinux-Source.repo
    -rw-r--r--. 1 root root  807 Apr  9  2017 BigCloud.repo
    
    
    2. Install the update

           7.3 upgrade example

    [root@BCLinux7_3 ~]#  yum update dhclient
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
    Resolving Dependencies
    --> Running transaction check
    ---> Package dhclient.x86_64 12:4.2.5-47.el7.centos will be updated
    ---> Package dhclient.x86_64 12:4.2.5-47.el7_3.bclinux.1 will be an update
    --> Processing Dependency: dhcp-libs(x86-64) = 12:4.2.5-47.el7_3.bclinux.1 for package: 12:dhclient-4.2.5-47.el7_3.bclinux.1.x86_64
    --> Processing Dependency: dhcp-common = 12:4.2.5-47.el7_3.bclinux.1 for package: 12:dhclient-4.2.5-47.el7_3.bclinux.1.x86_64
    --> Running transaction check
    ---> Package dhcp-common.x86_64 12:4.2.5-47.el7.centos will be updated
    ---> Package dhcp-common.x86_64 12:4.2.5-47.el7_3.bclinux.1 will be an update
    ---> Package dhcp-libs.x86_64 12:4.2.5-47.el7.centos will be updated
    ---> Package dhcp-libs.x86_64 12:4.2.5-47.el7_3.bclinux.1 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ============================================================================================================================================================
     Package                            Arch                          Version                                              Repository                      Size
    ============================================================================================================================================================
    Updating:
     dhclient                           x86_64                        12:4.2.5-47.el7_3.bclinux.1                          updates                        280 k
    Updating for dependencies:
     dhcp-common                        x86_64                        12:4.2.5-47.el7_3.bclinux.1                          updates                        172 k
     dhcp-libs                          x86_64                        12:4.2.5-47.el7_3.bclinux.1                          updates                        129 k
    
    Transaction Summary
    ============================================================================================================================================================
    Upgrade  1 Package (+2 Dependent packages)
    
    Total download size: 581 k
    Is this ok [y/d/N]:
    
    

           7.2 upgrade example

    [root@BCLinux7_2 ~]# yum update dhclient --releasever=7.2
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
    Resolving Dependencies
    --> Running transaction check
    ---> Package dhclient.x86_64 12:4.2.5-42.el7.centos will be updated
    ---> Package dhclient.x86_64 12:4.2.5-42.el7_2.bclinux.1 will be an update
    --> Processing Dependency: dhcp-libs(x86-64) = 12:4.2.5-42.el7_2.bclinux.1 for package: 12:dhclient-4.2.5-42.el7_2.bclinux.1.x86_64
    --> Processing Dependency: dhcp-common = 12:4.2.5-42.el7_2.bclinux.1 for package: 12:dhclient-4.2.5-42.el7_2.bclinux.1.x86_64
    --> Running transaction check
    ---> Package dhcp-common.x86_64 12:4.2.5-42.el7.centos will be updated
    ---> Package dhcp-common.x86_64 12:4.2.5-42.el7_2.bclinux.1 will be an update
    ---> Package dhcp-libs.x86_64 12:4.2.5-42.el7.centos will be updated
    ---> Package dhcp-libs.x86_64 12:4.2.5-42.el7_2.bclinux.1 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ============================================================================================================================================================
     Package                            Arch                          Version                                              Repository                      Size
    ============================================================================================================================================================
    Updating:
     dhclient                           x86_64                        12:4.2.5-42.el7_2.bclinux.1                          updates                        279 k
    Updating for dependencies:
     dhcp-common                        x86_64                        12:4.2.5-42.el7_2.bclinux.1                          updates                        172 k
     dhcp-libs                          x86_64                        12:4.2.5-42.el7_2.bclinux.1                          updates                        128 k
    
    Transaction Summary
    ============================================================================================================================================================
    Upgrade  1 Package (+2 Dependent packages)
    
    Total download size: 579 k
    Is this ok [y/d/N]: 
    
    3. Verify
    [root@BCLinux7_3 ~]# rpm -qa|grep dhclient
    dhclient-4.2.5-47.el7_3.bclinux.1.x86_64
    
    
    [root@BCLinux7_2 ~]# rpm -qa|grep dhclient
    dhclient-4.2.5-42.el7_2.bclinux.1.x86_64
    
    
    4. Reboot the machine

    After installing the update packages, reboot the machine so that the update takes effect.
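
An added example, not part of the original advisory or of BCLinux tooling: a check that compares a host's dhclient VERSION-RELEASE against the fixed builds listed above, using a simplified form of RPM's version ordering so that a fleet can be verified without reading each line by eye. It assumes the package epoch is unchanged (12 in the yum output above) and ignores RPM's '~' and '^' rules; the host names in the sample inventory are constructed.

```python
import re
import subprocess

# Fixed dhclient builds named in this advisory, keyed by BCLinux release.
FIXED = {"7.2": "4.2.5-42.el7_2.bclinux.1", "7.3": "4.2.5-47.el7_3.bclinux.1"}


def _segments(s):
    # RPM compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers by value
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(release, version_release):
    """True if 'VERSION-RELEASE' is at or above the fixed build for release."""
    fixed_v, fixed_r = FIXED[release].split("-", 1)
    v, r = version_release.split("-", 1)
    return (rpm_vercmp(v, fixed_v), rpm_vercmp(r, fixed_r)) >= (0, 0)


def installed_dhclient():
    """Read VERSION-RELEASE from the local RPM database (needs the rpm CLI)."""
    out = subprocess.check_output(
        ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "dhclient"])
    return out.decode().strip()


if __name__ == "__main__":
    # Constructed inventory: (host, release, dhclient VERSION-RELEASE).
    inventory = [
        ("host-a", "7.3", "4.2.5-47.el7.centos"),
        ("host-b", "7.3", "4.2.5-47.el7_3.bclinux.1"),
        ("host-c", "7.2", "4.2.5-42.el7.centos"),
    ]
    for host, rel, vr in inventory:
        state = "patched" if is_patched(rel, vr) else "below fixed build"
        print("%s %s %s %s" % (host, rel, vr, state))
```

On a live host, pass the output of `installed_dhclient()` to `is_patched()` together with the host's release.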

    External links

    1. BCLinux security updates

