CVE-2018-1111

17.05.2018, 16:29

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Command Injection

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	ADJACENT_NETWORK	HIGH	NONE	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
redhat	enterprise_virtualization	4.0
redhat	enterprise_virtualization	4.2
redhat	enterprise_virtualization_host	4.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	6.4
redhat	enterprise_linux	6.5
redhat	enterprise_linux	6.6
redhat	enterprise_linux	6.7
redhat	enterprise_linux	7.0
redhat	enterprise_linux	7.2
redhat	enterprise_linux	7.3
redhat	enterprise_linux	7.4
redhat	enterprise_linux	7.5
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

dhclient

RHEL 6	12:4.1.1-53.P1.el6_9.4 fixed
RHEL 7	12:4.2.5-68.el7_5.1 fixed

dhcp

RHEL 6	12:4.1.1-53.P1.el6_9.4 fixed
RHEL 7	12:4.2.5-68.el7_5.1 fixed

dhcp-common

RHEL 6	12:4.1.1-53.P1.el6_9.4 fixed
RHEL 7	12:4.2.5-68.el7_5.1 fixed

dhcp-devel

RHEL 6	12:4.1.1-53.P1.el6_9.4 fixed
RHEL 7	12:4.2.5-68.el7_5.1 fixed

dhcp-libs

RHEL 7

12:4.2.5-68.el7_5.1

fixed

Known Exploits!

Common Weakness Enumeration

References

http://www.securityfocus.com/bid/104195

http://www.securitytracker.com/id/1040912

https://access.redhat.com/errata/RHSA-2018:1453

https://access.redhat.com/errata/RHSA-2018:1454

https://access.redhat.com/errata/RHSA-2018:1455

https://access.redhat.com/errata/RHSA-2018:1456

https://access.redhat.com/errata/RHSA-2018:1457

https://access.redhat.com/errata/RHSA-2018:1458

https://access.redhat.com/errata/RHSA-2018:1459

https://access.redhat.com/errata/RHSA-2018:1460

https://access.redhat.com/errata/RHSA-2018:1461

https://access.redhat.com/errata/RHSA-2018:1524

https://access.redhat.com/security/vulnerabilities/3442151

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

https://www.exploit-db.com/exploits/44652/

https://www.exploit-db.com/exploits/44890/

https://www.tenable.com/security/tns-2018-10

http://www.securityfocus.com/bid/104195

http://www.securitytracker.com/id/1040912

https://access.redhat.com/errata/RHSA-2018:1453

https://access.redhat.com/errata/RHSA-2018:1454

https://access.redhat.com/errata/RHSA-2018:1455

https://access.redhat.com/errata/RHSA-2018:1456

https://access.redhat.com/errata/RHSA-2018:1457

https://access.redhat.com/errata/RHSA-2018:1458

https://access.redhat.com/errata/RHSA-2018:1459

https://access.redhat.com/errata/RHSA-2018:1460

https://access.redhat.com/errata/RHSA-2018:1461

https://access.redhat.com/errata/RHSA-2018:1524

https://access.redhat.com/security/vulnerabilities/3442151

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

https://www.exploit-db.com/exploits/44652/

https://www.exploit-db.com/exploits/44890/

https://www.tenable.com/security/tns-2018-10