Community Forum

Resolved
0 votes
Hi,
I have just seen this on Tech republic:

https://www.techrepublic.com/article/linux-admins-dire-vulnerability-gives-attackers-root-access-in-rhel-centos-fedora/?ftag=TRE684d531&bhid=27503898694594683706162444305349

Also there is a mitigation for it here:
https://fedoramagazine.org/protect-fedora-system-dhcp-flaw/

Can any of the experts here confirm that this affects ClearOS and also will the mitigation work on ClearOS?

I don't think it's likely to pose any threats as the machines I have set up are not in places where Wi-Fi access is granted to the general public, but there may be other users here who are affected?

Siv
Thursday, May 17 2018, 09:01 AM
Share this post:

Accepted Answer

Monday, May 21 2018, 03:26 AM - #Permalink
Resolved
1 votes
A few people have installed Gnome or similar on their ClearOS system and therefore have probably installed NetworkManager - they will require CVE-2018-1111 to be safe against this flaw. Since you don't have NetworkManager installed - then sleep soundly :) Dave indicated the update is coming.

Incidentally, NetworkManager does help in a few cases if you are using the OS on a Workstation or laptop, but is a annoyance on a server. I disable it as it tends to change things under the covers...
The reply is currently minimized Show
Responses (10)
  • Accepted Answer

    Monday, May 21 2018, 08:00 AM - #Permalink
    Resolved
    0 votes
    Tony Ellis wrote:

    A few people have installed Gnome or similar on their ClearOS system and therefore have probably installed NetworkManager - they will require CVE-2018-1111 to be safe against this flaw. Since you don't have NetworkManager installed - then sleep soundly :) Dave indicated the update is coming.

    Incidentally, NetworkManager does help in a few cases if you are using the OS on a Workstation or laptop, but is an annoyance on a server. I disable it as it tends to change things under the covers...


    Tony,

    Thanks, I will!

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Monday, May 21 2018, 01:18 AM - #Permalink
    Resolved
    0 votes
    Tony,

    So presumably we will get the same update in due course!?
    I get the feeling from Dave Loper that he doesn't see this as an issue for ClearOS users unless you have installed NetworkManager which I have not, so I will keep watching the updates to see if anything DHCP related appears.

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 18 2018, 04:50 AM - #Permalink
    Resolved
    0 votes
    The dhcp rpms on my Fedoara 27 system have just been update to version 4.3.6-10.fc27.x86_64.rpm
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:58 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Thanks, I thought there would be somewhere but I can't find how you do it?

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:53 PM - #Permalink
    Resolved
    1 votes
    Graham Sivilll wrote:

    Nick,

    Is there a way that you can set that when you view posts here they are in "Oldest" to "youngest" format. I know you can set it each time you visit a posts page but I would like to set it as a preference and I can't find a way to do that so it always starts with "Latest" format?

    Siv
    The simple answer is yes you can, but that is not what you want to hear. You want to hear how to do it. I did it many moons ago but I can't find out how! I'll keep looking.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:42 PM - #Permalink
    Resolved
    0 votes
    Dave,

    Thanks for the clarification. Nick raised the thought that even though the version I am on V7.4.0 does not use Network Manager, that maybe this affected some of the underlying DHCP stuff, is that the case or is it only an issue if you have Network Manager?

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:23 PM - #Permalink
    Resolved
    1 votes
    ClearOS 6 and 7 do not use Network Manager but ClearOS 8 will likely use it.

    For those installing Network Manager after the fact for testing and dev work, there is an update coming soon in the upstream repos.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:23 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Is there a way that you can set that when you view posts here they are in "Oldest" to "youngest" format. I know you can set it each time you visit a posts page but I would like to set it as a preference and I can't find a way to do that so it always starts with "Latest" format?

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 02:13 PM - #Permalink
    Resolved
    0 votes
    Nick,
    Thanks for your reply.
    I wasn't sure if ClearOS used network manager but thought I should raise it in case the community hadn't seen it.
    I don't think my systems are vulnerable as I use it in my own home system with no public access to the network via Wi-Fi and the small business clients I have put it on don't either so unless there is a way to hack through from the internet side (which I got the impression from the articles wasn't the case), then hopefully we should be OK.

    Siv
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 12:51 PM - #Permalink
    Resolved
    1 votes
    The mitigation I saw is to update the dhcp packages and they are not available at the moment. Also ClearOS does not use NetworkManager so I don't know if it is vulnerable or not. It does, however, use the underlying dhcp packages and when a fix is pushed through Centos we will get them whatever.
    The reply is currently minimized Show
Your Reply