Red Hat Enterprise Linux CVE-2018-1111 Execute Arbitrary Commands

Authors: Felix Wilhelm
Risk: Critical
CVE: CVE-2018-1111
0day: Execute Arbitrary Commands
0day-id: 0DAY-176188
Date: 2018-05-16

Description

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Statement

Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability, CVE-2018-1111, was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

POC

CVE-2018-1111 DHCP Client RCE

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Advanced Update Support 6.4 (dhcp) RHSA-2018:1461 2018-05-15
Red Hat Enterprise Linux Extended Update Support 7.3 (dhcp) RHSA-2018:1456 2018-05-15
Red Hat Enterprise Linux Advanced Update Support 6.6 (dhcp) RHSA-2018:1459 2018-05-15
Red Hat Enterprise Linux 6 (dhcp) RHSA-2018:1454 2018-05-15
Red Hat Enterprise Linux Extended Update Support 6.7 (dhcp) RHSA-2018:1458 2018-05-15
Red Hat Enterprise Linux Advanced Update Support 7.2 (dhcp) RHSA-2018:1457 2018-05-15
Red Hat Enterprise Linux Server TUS (v. 6.6) (dhcp) RHSA-2018:1459 2018-05-15
Red Hat Enterprise Linux 7 (dhcp) RHSA-2018:1453 2018-05-15
Red Hat Enterprise Linux Extended Update Support 7.4 (dhcp) RHSA-2018:1455 2018-05-15
Other (dhcp) RHSA-2018:1457 2018-05-15
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts RHSA-2018:1524 2018-05-15
Red Hat Enterprise Linux Advanced Update Support 6.5 (dhcp) RHSA-2018:1460 2018-05-15
Red Hat Enterprise Linux Server TUS (v. 7.2) (dhcp) RHSA-2018:1457 2018-05-15

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 dhcp Not affected

Acknowledgements

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

Mitigation

Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue.
