Versions earlier than 4.2.5-68.el7_5.1 of the DHCP client packages in Red Hat Enterprise Linux 6/7 are vulnerable to arbitrary command injection. An attacker on the local network could use this flaw to achieve remote code execution (RCE) as root by spoofing DHCP responses.
- The vulnerable Red Hat server broadcasts a DHCP request.
- The attacker replies with a DHCP ACK containing a command injected into the Proxy Autodiscovery DHCP option.
The attacker must be able to send crafted packets to the target system.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with new signatures that detect this exploit via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.
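
One way to check hosts against the fixed build named above (an added example, not Alert Logic or Red Hat code). It assumes the version-release string was collected per host with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' dhclient`; the host names and builds in the inventory are constructed, and builds without an `.el7` tag are reported as unknown because this page gives no fixed version for them.

```python
import re

# Fixed build stated in the advisory; the page gives it for RHEL 7 only.
FIXED_EL7 = "4.2.5-68.el7_5.1"

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Segment comparison in the style of rpm (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    # Compare version first, then release.
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def classify(vr):
    vr = vr.split(":", 1)[-1]      # drop an epoch prefix if one was collected
    if ".el7" not in vr:
        return "unknown"           # no fixed build for this release on the page
    return "vulnerable" if compare_vr(vr, FIXED_EL7) < 0 else "patched"

# Constructed inventory, one "host version-release" pair per line.
INVENTORY = """\
web01 4.2.5-58.el7
web02 4.2.5-68.el7
db01 4.2.5-68.el7_5.1
db02 4.2.5-77.el7
legacy01 4.1.1-53.P1.el6
"""

def audit(text):
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {host: classify(vr) for host, vr in rows}

if __name__ == "__main__":
    for host, state in audit(INVENTORY).items():
        print(f"{host}: {state}")
```

Note that `4.2.5-68.el7` sorts below `4.2.5-68.el7_5.1`, so a plain string or numeric comparison of the release number alone would misclassify it.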