Security alert: flaw in dhclient allows malicious DHCP server to run privileged commands remotely

A new vulnerability, CVE-2018-1111, has recently been announced. It allows a malicious DHCP server to send a specially crafted response that runs privileged commands on a DHCP client that is running dhclient. This affects dhclient on both CentOS Linux 6 and CentOS Linux 7 systems.

Red Hat has released an update to patch the flaw in dhclient. It can be assumed that versions of dhclient before dhclient-4.2.5-68.el7 are vulnerable.


yum update dhclient
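To confirm which build a host is actually running, before or after the update, the following script compares the installed dhclient against the version named above. It is an added example, not part of the original post or of Red Hat's advisory; the function names are hypothetical, the sample version strings in the comments are constructed, and GNU `sort -V` stands in for RPM's own version ordering.

```shell
#!/bin/sh
# Threshold taken from this post; it applies to EL7 builds only.
# The post gives no fixed version for CentOS 6, so none is assumed here.
FIXED="4.2.5-68.el7"

# ver_lt A B: succeed if A sorts strictly before B.
# GNU `sort -V` is used as an approximation of RPM version ordering.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify VERSION-RELEASE: print vulnerable, patched or unknown.
# e.g. 4.2.5-58.el7 (constructed sample) -> vulnerable
classify() {
    case "$1" in
        *.el7*) ;;                      # EL7 build: threshold applies
        *) echo unknown; return 0 ;;    # other releases: no threshold on this page
    esac
    if ver_lt "$1" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# check_host: classify the dhclient package installed on this machine.
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; not an RPM-based system"
        return 0
    fi
    if ! rpm -q dhclient >/dev/null 2>&1; then
        echo "dhclient is not installed"
        return 0
    fi
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' dhclient | head -n 1)
    echo "dhclient $vr: $(classify "$vr")"
}

check_host
```

A host reported as `unknown` is not an EL7 build and needs to be checked against the vendor advisory for its release.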

For more information about the vulnerability, see Red Hat’s post here:

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!