exploitDog

CVE-2020-13529

Published: 26 Apr 2021
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

An exploitable denial of service vulnerability exists in systemd, which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCPACK packets to reconfigure the system with arbitrary network settings.

Statement

This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 8, as they did not include the systemd-networkd service. NetworkManager embeds some pieces of the systemd code base, including the DHCP client code. For this reason NetworkManager is marked as affected.

By default, only the versions of NetworkManager as shipped in Red Hat Enterprise Linux 8.0 and 8.1 are affected, as in those versions NetworkManager uses the main.dhcp=internal setting (see networkmanager.conf(5)) by default, which relies on the systemd DHCP client. On newer Red Hat Enterprise Linux 8 versions, NetworkManager uses a different DHCP client by default, which is not affected by this flaw.

On Red Hat Enterprise Linux 7, NetworkManager uses main.dhcp=dhclient by default, which is not affected by this flaw either. However, users who have explicitly configured main.dhcp=internal would be affected, as the systemd DHCP client would be used in that case.

Mitigation

There is no available mitigation for this issue.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | NetworkManager | Out of support scope | | |
| Red Hat Enterprise Linux 7 | systemd | Out of support scope | | |
| Red Hat Enterprise Linux 8 | systemd | Not affected | | |
| Red Hat Enterprise Linux 9 | NetworkManager | Not affected | | |
| Red Hat Enterprise Linux 9 | systemd | Not affected | | |
| Red Hat Enterprise Linux 8 | NetworkManager | Fixed | RHSA-2021:4361 | 09.11.2021 |

Additional information

Status: Moderate
Defect: CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=1959397 systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured

EPSS: 0.00056 (Low), percentile: 17%

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 4 years ago

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

CVSS3: 6.1
nvd
about 4 years ago

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

CVSS3: 6.1
debian
about 4 years ago

An exploitable denial-of-service vulnerability exists in Systemd 245. ...

CVSS3: 6.1
github
about 3 years ago

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

oracle-oval
more than 3 years ago

ELSA-2021-4361: NetworkManager security, bug fix, and enhancement update (MODERATE)
