RedHat DHCP remote root execution vulnerability

A command injection bug in Red Hat’s DHCP client could allow an attacker to run any command on your computer. As root. RedHat Linux, together with its stablemates Fedora and CentOS, just patched a serious security bug.

RedHat-based Linux distros include a dhclient script as part of their NetworkManager package – until the latest NetworkManager security patch, this script could be tricked into running text provided in a DHCP reply as if it were a system command of its own. Technically, this sort of bug is known as a command injection vulnerability, because it allows you to sneak in a command where you are supposed to supply data. It’s also a root RCE, short for remote code execution, because you don’t need to login first, and because you get to run the remotely supplied code as a system administrator.

Source: sophos.com