CVE-2018-1111 : DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vu

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Published 2018-05-17 16:29:00

Updated 2023-02-12 23:32:38

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-1111

Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Virtualization » Version: 4.0
cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Virtualization » Version: 4.2
cpe:2.3:a:redhat:enterprise_virtualization:4.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Virtualization Host » Version: 4.0
cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 26
cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 28
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 27
cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-1111

Top countries where our scanners detected CVE-2018-1111

Top open port discovered on systems with this issue 53

IPs affected by CVE-2018-1111 754,055

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-1111!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-1111

EPSS FAQ

91.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-1111

DHCP Client Command Injection (DynoRoot)

Disclosure Date: 2018-05-15

First seen: 2020-04-26

exploit/unix/dhcp/rhel_dhcp_client_command_injection

This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on

More information

CVSS scores for CVE-2018-1111

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.9	HIGH	AV:A/AC:M/Au:N/C:C/I:C/A:C	5.5	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	Red Hat, Inc.
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-1111

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigned by: secalert@redhat.com (Primary)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2018-1111

http://www.securityfocus.com/bid/104195

Malformed Request
Third Party Advisory;VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

[SECURITY] Fedora 28 Update: dhcp-4.3.6-20.fc28 - package-announce - Fedora Mailing-Lists
https://access.redhat.com/errata/RHSA-2018:1457

RHSA-2018:1457 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1455

RHSA-2018:1455 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Security fixes in StruxureWare Data Center Expert v7.6.0 - User assistance for StruxureWare Data Center Expert 7.x - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz

CVEs referencing this url
https://www.exploit-db.com/exploits/44652/

DynoRoot DHCP Client - Command Injection
Exploit;VDB Entry;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1456

RHSA-2018:1456 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1461

RHSA-2018:1461 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1524

RHSA-2018:1524 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:1454

RHSA-2018:1454 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

1567974 – (CVE-2018-1111) CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
Issue Tracking;Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1459

RHSA-2018:1459 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1458

RHSA-2018:1458 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://www.exploit-db.com/exploits/44890/

DHCP Client - Command Injection 'DynoRoot' (Metasploit)
Exploit;Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1040912

Red Hat DCHP NetworkManager Script Component Lets Remote Users on the Local Network Execute Arbitrary Commands with Root Privileges on the Target System - SecurityTracker
Third Party Advisory;VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

[SECURITY] Fedora 27 Update: dhcp-4.3.6-10.fc27 - package-announce - Fedora Mailing-Lists
https://www.tenable.com/security/tns-2018-10

[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities - Security Advisory | Tenable®
https://access.redhat.com/errata/RHSA-2018:1460

RHSA-2018:1460 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://access.redhat.com/security/vulnerabilities/3442151

DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 - Red Hat Customer Portal
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

[SECURITY] Fedora 26 Update: dhcp-4.3.5-11.fc26 - package-announce - Fedora Mailing-Lists
https://access.redhat.com/errata/RHSA-2018:1453

RHSA-2018:1453 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-1111