gcp-dhcp-takeover-code-exec icon indicating copy to clipboard operation
gcp-dhcp-takeover-code-exec copied to clipboard

Published 20 hours ago verified publisher icon irsl

Hotfix in new GCE Debian image

Open ramshazar opened this issue 3 years ago • 1 comments

Google changed the script "google_set_hostname": https://github.com/GoogleCloudPlatform/guest-configs/commit/fac404b447e7dee8813bca13b37436a23add5b18#diff-5b7b2f3606d3cd6fc72670c3a7a34873df730bab794d3004382d34240fff1be8

This has been release with the new image version: https://console.cloud.google.com/compute/imagesDetail/projects/debian-cloud/global/images/debian-10-buster-v20210701

To verify that the change is in the image follow these steps:

  • create a new instance with the Debian GNU/Linux 10 (buster) image
  • log in via ssh
  • cat /bin/google_set_hostname

I did not check if this stops the attack and if it is sufficient. I just wanted to note that they addressed the issue somehow.

ramshazar avatar Jul 03 '21 16:07 ramshazar

Thanks for this follow up. There is a known bypass of the security measure added into the Google image, so relying on it solely is not yet recommended.

irsl avatar Jul 05 '21 08:07 irsl