CVE-2018-1111
Summary
| CVE | CVE-2018-1111 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-17 16:29:00 UTC |
| Updated | 2023-02-12 23:32:00 UTC |
| Description | DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 26 | All | All | All |
| Operating System | Fedoraproject | Fedora | 27 | All | All | All |
| Operating System | Fedoraproject | Fedora | 28 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Enterprise Virtualization | 4.0 | All | All | All |
| Application | Redhat | Enterprise Virtualization | 4.2 | All | All | All |
| Application | Redhat | Enterprise Virtualization Host | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 28 Update: dhcp-4.3.6-20.fc28 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Vendor Advisory |
| [SECURITY] Fedora 27 Update: dhcp-4.3.6-10.fc27 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Bug 1567974 – CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script | MISC | bugzilla.redhat.com | |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 28 Update: dhcp-4.3.6-20.fc28 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 26 Update: dhcp-4.3.5-11.fc26 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| DCIM Support | CONFIRM | help.ecostruxureit.com | |
| CVE-2018-1111 - Red Hat Customer Portal | MISC | access.redhat.com | |
| DynoRoot DHCP Client - Command Injection | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 27 Update: dhcp-4.3.6-10.fc27 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 - Red Hat Customer Portal | CONFIRM | access.redhat.com | Vendor Advisory |
| 1567974 – (CVE-2018-1111) CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| DHCP Client - Command Injection 'DynoRoot' (Metasploit) | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Red Hat DCHP NetworkManager Script Component Lets Remote Users on the Local Network Execute Arbitrary Commands with Root Privileges on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| [SECURITY] Fedora 26 Update: dhcp-4.3.5-11.fc26 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.