Vulnerabilities > CVE-2018-1111
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
Vulnerable Configurations
Exploit-Db
description DynoRoot DHCP Client - Command Injection. CVE-2018-1111. Local exploit for Linux platform file exploits/linux/local/44652.py id EDB-ID:44652 last seen 2018-05-24 modified 2018-05-18 platform linux port published 2018-05-18 reporter Exploit-DB source https://www.exploit-db.com/download/44652/ title DynoRoot DHCP Client - Command Injection type local description DHCP Client - Command Injection (DynoRoot) (Metasploit). CVE-2018-1111. Remote exploit for Linux platform. Tags: Metasploit Framework (MSF), Remote file exploits/linux/remote/44890.rb id EDB-ID:44890 last seen 2018-06-13 modified 2018-06-13 platform linux port published 2018-06-13 reporter Exploit-DB source https://www.exploit-db.com/download/44890/ title DHCP Client - Command Injection (DynoRoot) (Metasploit) type remote
Metasploit
description | This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. |
id | MSF:EXPLOIT/UNIX/DHCP/RHEL_DHCP_CLIENT_COMMAND_INJECTION |
last seen | 2020-06-13 |
modified | 2018-08-27 |
published | 2018-05-18 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb |
title | DHCP Client Command Injection (DynoRoot) |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-1454.NASL description From Red Hat Security Advisory 2018:1454 : An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109827 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109827 title Oracle Linux 6 : dhcp (ELSA-2018-1454) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:1454 and # Oracle Linux Security Advisory ELSA-2018-1454 respectively. # include("compat.inc"); if (description) { script_id(109827); script_version("1.10"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2018-1111"); script_xref(name:"RHSA", value:"2018:1454"); script_xref(name:"IAVA", value:"2018-A-0162"); script_name(english:"Oracle Linux 6 : dhcp (ELSA-2018-1454)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2018:1454 : An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2018-May/007730.html" ); script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"dhclient-4.1.1-53.P1.0.1.el6_9.4")) flag++; if (rpm_check(release:"EL6", reference:"dhcp-4.1.1-53.P1.0.1.el6_9.4")) flag++; if (rpm_check(release:"EL6", reference:"dhcp-common-4.1.1-53.P1.0.1.el6_9.4")) flag++; if (rpm_check(release:"EL6", reference:"dhcp-devel-4.1.1-53.P1.0.1.el6_9.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-devel"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1457.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109843 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109843 title RHEL 7 : dhcp (RHSA-2018:1457) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:1457. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(109843); script_version("1.14"); script_cvs_date("Date: 2019/10/24 15:35:44"); script_cve_id("CVE-2018-1111"); script_xref(name:"RHSA", value:"2018:1457"); script_xref(name:"IAVA", value:"2018-A-0162"); script_name(english:"RHEL 7 : dhcp (RHSA-2018:1457)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for dhcp is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/vulnerabilities/3442151" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:1457" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-1111" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.2", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:1457"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhclient-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-common-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-debuginfo-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-debuginfo-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-devel-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-devel-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-libs-4.2.5-42.el7_2.1")) flag++; if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-libs-4.2.5-42.el7_2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-debuginfo / dhcp-devel / etc"); } }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-1453.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109814 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109814 title CentOS 7 : dhcp (CESA-2018:1453) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:1453 and # CentOS Errata and Security Advisory 2018:1453 respectively. # include("compat.inc"); if (description) { script_id(109814); script_version("1.12"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2018-1111"); script_xref(name:"RHSA", value:"2018:1453"); script_xref(name:"IAVA", value:"2018-A-0162"); script_name(english:"CentOS 7 : dhcp (CESA-2018:1453)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue." ); # https://lists.centos.org/pipermail/centos-announce/2018-May/022831.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9178ebc5" ); script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1111"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhclient-4.2.5-68.el7.centos.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-4.2.5-68.el7.centos.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-common-4.2.5-68.el7.centos.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-devel-4.2.5-68.el7.centos.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-libs-4.2.5-68.el7.centos.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-devel / dhcp-libs"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-1453.NASL description From Red Hat Security Advisory 2018:1453 : An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109826 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109826 title Oracle Linux 7 : dhcp (ELSA-2018-1453) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1459.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109845 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109845 title RHEL 6 : dhcp (RHSA-2018:1459) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1021.NASL description Command injection vulnerability in the DHCP client NetworkManager integration script : A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note: Amazon Linux 2 does not use NetworkManager by default, however it is recommended to install this update. last seen 2020-06-01 modified 2020-06-02 plugin id 110194 published 2018-05-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110194 title Amazon Linux 2 : dhcp (ALAS-2018-1021) NASL family Scientific Linux Local Security Checks NASL id SL_20180515_DHCP_ON_SL7_X.NASL description Security Fix(es) : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) last seen 2020-03-18 modified 2018-05-16 plugin id 109850 published 2018-05-16 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109850 title Scientific Linux Security Update : dhcp on SL7.x x86_64 (20180515) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1525.NASL description An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1558801, BZ#1563545) Security Fix(es) : * python-paramiko: Authentication bypass in transport.py (CVE-2018-7750) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196) * jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968) * ovirt-engine: account enumeration through login to web console (CVE-2018-1073) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Chris McCown for reporting CVE-2018-8088. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). Enhancement(s) : * Previously, the default memory allotment for the RHV-M Virtual Appliance was always large enough to include support for user additions. In this release, the RHV-M Virtual Appliance includes a swap partition that enables the memory to be increased when required. (BZ#1422982) * Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions, last seen 2020-06-01 modified 2020-06-02 plugin id 109910 published 2018-05-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109910 title RHEL 7 : Virtualization (RHSA-2018:1525) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0021_DHCP.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dhcp packages installed that are affected by multiple vulnerabilities: - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality. (CVE-2017-3144) - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127178 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127178 title NewStart CGSL CORE 5.04 / MAIN 5.04 : dhcp Multiple Vulnerabilities (NS-SA-2019-0021) NASL family Fedora Local Security Checks NASL id FEDORA_2018-36058ED9F2.NASL description fix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-05-16 plugin id 109820 published 2018-05-16 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109820 title Fedora 27 : 12:dhcp (2018-36058ed9f2) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1454.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109840 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109840 title RHEL 6 : dhcp (RHSA-2018:1454) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2018-0042.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Added oracle-errwarn-message.patch - Resolves: #1570897 - Fix comamnd execution in NM script (CVE-2018-1111) - Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow <[12:4.1.1-53.P1.2 - Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow - Resolves: #1063217 - failover hangs with both potential-conflict last seen 2020-06-01 modified 2020-06-02 plugin id 109830 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109830 title OracleVM 3.3 / 3.4 : dhcp (OVMSA-2018-0042) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1458.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109844 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109844 title RHEL 6 : dhcp (RHSA-2018:1458) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1379.NASL description According to the versions of the dhcp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144) - DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124882 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124882 title EulerOS Virtualization for ARM 64 3.0.1.0 : dhcp (EulerOS-SA-2019-1379) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1123.NASL description According to the versions of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) - ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.(CVE-2015-8605) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-05-29 plugin id 110127 published 2018-05-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110127 title EulerOS 2.0 SP2 : dhcp (EulerOS-SA-2018-1123) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1122.NASL description According to the versions of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) - ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.(CVE-2015-8605) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-05-29 plugin id 110126 published 2018-05-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110126 title EulerOS 2.0 SP1 : dhcp (EulerOS-SA-2018-1122) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1453.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109839 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109839 title RHEL 7 : dhcp (RHSA-2018:1453) NASL family Scientific Linux Local Security Checks NASL id SL_20180515_DHCP_ON_SL6_X.NASL description Security Fix(es) : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) last seen 2020-03-18 modified 2018-05-16 plugin id 109849 published 2018-05-16 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109849 title Scientific Linux Security Update : dhcp on SL6.x i386/x86_64 (20180515) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-1454.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109815 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109815 title CentOS 6 : dhcp (CESA-2018:1454) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1460.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109846 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109846 title RHEL 6 : dhcp (RHSA-2018:1460) NASL family Fedora Local Security Checks NASL id FEDORA_2018-23CA7A6798.NASL description fix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120293 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120293 title Fedora 28 : 12:dhcp (2018-23ca7a6798) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1524.NASL description Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 109909 published 2018-05-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109909 title RHEL 7 : Virtualization (RHSA-2018:1524) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1455.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109841 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109841 title RHEL 7 : dhcp (RHSA-2018:1455) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0129_DHCP.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has dhcp packages installed that are affected by a vulnerability: - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127381 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127381 title NewStart CGSL MAIN 4.05 : dhcp Vulnerability (NS-SA-2019-0129) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1456.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109842 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109842 title RHEL 7 : dhcp (RHSA-2018:1456) NASL family Fedora Local Security Checks NASL id FEDORA_2018-5392896132.NASL description fix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-05-17 plugin id 109874 published 2018-05-17 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109874 title Fedora 26 : 12:dhcp (2018-5392896132) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1188.NASL description According to the version of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-07-03 plugin id 110852 published 2018-07-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110852 title EulerOS 2.0 SP3 : dhcp (EulerOS-SA-2018-1188) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1461.NASL description An update for dhcp is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 109847 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109847 title RHEL 6 : dhcp (RHSA-2018:1461) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1024.NASL description Command injection vulnerability in the DHCP client NetworkManager integration script A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111 ) Note: As mentioned above, the fix for this issue is in the NetworkManager integration script included with the dhcp package. The severity of this advisory has been lowered to a low as the Amazon Linux AMI does not use NetworkManager. last seen 2020-06-01 modified 2020-06-02 plugin id 110198 published 2018-05-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110198 title Amazon Linux AMI : dhcp (ALAS-2018-1024)
Packetstorm
data source https://packetstormsecurity.com/files/download/147698/dynorootdhcp-exec.txt id PACKETSTORM:147698 last seen 2018-05-19 published 2018-05-18 reporter Kevin Kirsche source https://packetstormsecurity.com/files/147698/DynoRoot-DHCP-Command-Injection.html title DynoRoot DHCP Command Injection data source https://packetstormsecurity.com/files/download/148172/rhel_dhcp_client_command_injection.rb.txt id PACKETSTORM:148172 last seen 2018-06-13 published 2018-06-12 reporter Felix Wilhelm source https://packetstormsecurity.com/files/148172/DHCP-Client-Command-Injection-DynoRoot.html title DHCP Client Command Injection (DynoRoot)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Saint
bid | 104195 |
description | Red Hat DHCP client NetworkManager integration script command injection |
id | misc_dhcpnetman |
title | redhat_dhcp_client_networkmanager |
type | client |
Seebug
bulletinFamily | exploit |
description | Red Hat has been made aware of a command injection flaw found in a script included in the DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol. ### Information The DHCP protocol is used to configure network related information in hosts from a central server. When a host is connected to a network, it can issue DHCP requests to fetch network configuration parameter such as IP address, default router IP, DNS servers, and more. The DHCP client package dhclient provided by Red Hat has a script /etc/NetworkManager/dispatcher.d/11-dhclient (in Red Hat Enterprise Linux 7) or /etc/NetworkManager/dispatcher.d/10-dhclient (in Red Hat Enterprise Linux 6) for the NetworkManager component, which is executed each time NetworkManager receives a DHCP response from a DHCP server. A malicious DHCP response could cause the script to execute arbitrary shell commands with root privileges. ### Impacted Products Red Hat Product Security has rated this issue (CVE-2018-1111) as having a security impact of Critical The following Red Hat product versions are impacted: * Red Hat Enterprise Linux Server 6 * Red Hat Enterprise Linux Server 7 |
id | SSV:97290 |
last seen | 2018-06-26 |
modified | 2018-05-16 |
published | 2018-05-16 |
reporter | My Seebug |
source | https://www.seebug.org/vuldb/ssvid-97290 |
title | DHCP Client Script Code Execution Vulnerability(CVE-2018-1111) |
The Hacker News
id | THN:5EF52673FFBE9DE255C1F2F387D2A84B |
last seen | 2018-05-15 |
modified | 2018-05-15 |
published | 2018-05-15 |
reporter | Mohit Kumar |
source | https://thehackernews.com/2018/05/linux-dhcp-hacking.html |
title | Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks |
References
- http://www.securityfocus.com/bid/104195
- http://www.securityfocus.com/bid/104195
- http://www.securitytracker.com/id/1040912
- http://www.securitytracker.com/id/1040912
- https://access.redhat.com/errata/RHSA-2018:1453
- https://access.redhat.com/errata/RHSA-2018:1453
- https://access.redhat.com/errata/RHSA-2018:1454
- https://access.redhat.com/errata/RHSA-2018:1454
- https://access.redhat.com/errata/RHSA-2018:1455
- https://access.redhat.com/errata/RHSA-2018:1455
- https://access.redhat.com/errata/RHSA-2018:1456
- https://access.redhat.com/errata/RHSA-2018:1456
- https://access.redhat.com/errata/RHSA-2018:1457
- https://access.redhat.com/errata/RHSA-2018:1457
- https://access.redhat.com/errata/RHSA-2018:1458
- https://access.redhat.com/errata/RHSA-2018:1458
- https://access.redhat.com/errata/RHSA-2018:1459
- https://access.redhat.com/errata/RHSA-2018:1459
- https://access.redhat.com/errata/RHSA-2018:1460
- https://access.redhat.com/errata/RHSA-2018:1460
- https://access.redhat.com/errata/RHSA-2018:1461
- https://access.redhat.com/errata/RHSA-2018:1461
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/security/vulnerabilities/3442151
- https://access.redhat.com/security/vulnerabilities/3442151
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
- https://www.exploit-db.com/exploits/44652/
- https://www.exploit-db.com/exploits/44652/
- https://www.exploit-db.com/exploits/44890/
- https://www.exploit-db.com/exploits/44890/
- https://www.tenable.com/security/tns-2018-10
- https://www.tenable.com/security/tns-2018-10