CVE-2018-1111
7.5
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | dhcp | Red Hat Enterprise Linux 6 | affected |
| Red Hat | dhcp | Red Hat Enterprise Linux 7 | affected |
| Fedora | dhcp | Fedora 28 | affected |
Weaknesses
- CWE-77: CWE-77
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
- https://www.tenable.com/security/tns-2018-10
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
- https://access.redhat.com/security/vulnerabilities/3442151
- http://www.securityfocus.com/bid/104195
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
- http://www.securitytracker.com/id/1040912
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://access.redhat.com/errata/RHSA-2018:1454
- https://access.redhat.com/errata/RHSA-2018:1455
- https://access.redhat.com/errata/RHSA-2018:1457
- https://access.redhat.com/errata/RHSA-2018:1459
- https://access.redhat.com/errata/RHSA-2018:1453
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1456
- https://access.redhat.com/errata/RHSA-2018:1461
- https://www.exploit-db.com/exploits/44652/
- https://www.exploit-db.com/exploits/44890/
- https://access.redhat.com/errata/RHSA-2018:1458
- https://access.redhat.com/errata/RHSA-2018:1460
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
- https://www.tenable.com/security/tns-2018-10
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
- https://access.redhat.com/security/vulnerabilities/3442151
- http://www.securityfocus.com/bid/104195
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
- http://www.securitytracker.com/id/1040912
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://access.redhat.com/errata/RHSA-2018:1454
- https://access.redhat.com/errata/RHSA-2018:1455
- https://access.redhat.com/errata/RHSA-2018:1457
- https://access.redhat.com/errata/RHSA-2018:1459
- https://access.redhat.com/errata/RHSA-2018:1453
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1456
- https://access.redhat.com/errata/RHSA-2018:1461
- https://www.exploit-db.com/exploits/44652/
- https://www.exploit-db.com/exploits/44890/
- https://access.redhat.com/errata/RHSA-2018:1458
- https://access.redhat.com/errata/RHSA-2018:1460
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.