Vulnerabilities > CVE-2018-1111

047910
CVSS 7.5 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
high complexity
fedoraproject
redhat
nessus
exploit available
metasploit

Summary

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Exploit-Db

  • descriptionDynoRoot DHCP Client - Command Injection. CVE-2018-1111. Local exploit for Linux platform
    fileexploits/linux/local/44652.py
    idEDB-ID:44652
    last seen2018-05-24
    modified2018-05-18
    platformlinux
    port
    published2018-05-18
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44652/
    titleDynoRoot DHCP Client - Command Injection
    typelocal
  • descriptionDHCP Client - Command Injection (DynoRoot) (Metasploit). CVE-2018-1111. Remote exploit for Linux platform. Tags: Metasploit Framework (MSF), Remote
    fileexploits/linux/remote/44890.rb
    idEDB-ID:44890
    last seen2018-06-13
    modified2018-06-13
    platformlinux
    port
    published2018-06-13
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/44890/
    titleDHCP Client - Command Injection (DynoRoot) (Metasploit)
    typeremote

Metasploit

descriptionThis module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
idMSF:EXPLOIT/UNIX/DHCP/RHEL_DHCP_CLIENT_COMMAND_INJECTION
last seen2020-06-13
modified2018-08-27
published2018-05-18
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb
titleDHCP Client Command Injection (DynoRoot)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1454.NASL
    descriptionFrom Red Hat Security Advisory 2018:1454 : An update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109827
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109827
    titleOracle Linux 6 : dhcp (ELSA-2018-1454)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:1454 and 
    # Oracle Linux Security Advisory ELSA-2018-1454 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109827);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2018-1111");
      script_xref(name:"RHSA", value:"2018:1454");
      script_xref(name:"IAVA", value:"2018-A-0162");
    
      script_name(english:"Oracle Linux 6 : dhcp (ELSA-2018-1454)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:1454 :
    
    An update for dhcp is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Dynamic Host Configuration Protocol (DHCP) is a protocol that
    allows individual devices on an IP network to get their own network
    configuration information, including an IP address, a subnet mask, and
    a broadcast address. The dhcp packages provide a relay agent and ISC
    DHCP service required to enable and administer DHCP on a network.
    
    Security Fix(es) :
    
    * A command injection flaw was found in the NetworkManager integration
    script included in the DHCP client packages in Red Hat Enterprise
    Linux. A malicious DHCP server, or an attacker on the local network
    able to spoof DHCP responses, could use this flaw to execute arbitrary
    commands with root privileges on systems using NetworkManager and
    configured to obtain network configuration using the DHCP protocol.
    (CVE-2018-1111)
    
    Red Hat would like to thank Felix Wilhelm (Google Security Team) for
    reporting this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-May/007730.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dhcp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"dhclient-4.1.1-53.P1.0.1.el6_9.4")) flag++;
    if (rpm_check(release:"EL6", reference:"dhcp-4.1.1-53.P1.0.1.el6_9.4")) flag++;
    if (rpm_check(release:"EL6", reference:"dhcp-common-4.1.1-53.P1.0.1.el6_9.4")) flag++;
    if (rpm_check(release:"EL6", reference:"dhcp-devel-4.1.1-53.P1.0.1.el6_9.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-devel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1457.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109843
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109843
    titleRHEL 7 : dhcp (RHSA-2018:1457)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1457. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109843);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:44");
    
      script_cve_id("CVE-2018-1111");
      script_xref(name:"RHSA", value:"2018:1457");
      script_xref(name:"IAVA", value:"2018-A-0162");
    
      script_name(english:"RHEL 7 : dhcp (RHSA-2018:1457)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for dhcp is now available for Red Hat Enterprise Linux 7.2
    Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended
    Update Support, and Red Hat Enterprise Linux 7.2 Update Services for
    SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Dynamic Host Configuration Protocol (DHCP) is a protocol that
    allows individual devices on an IP network to get their own network
    configuration information, including an IP address, a subnet mask, and
    a broadcast address. The dhcp packages provide a relay agent and ISC
    DHCP service required to enable and administer DHCP on a network.
    
    Security Fix(es) :
    
    * A command injection flaw was found in the NetworkManager integration
    script included in the DHCP client packages in Red Hat Enterprise
    Linux. A malicious DHCP server, or an attacker on the local network
    able to spoof DHCP responses, could use this flaw to execute arbitrary
    commands with root privileges on systems using NetworkManager and
    configured to obtain network configuration using the DHCP protocol.
    (CVE-2018-1111)
    
    Red Hat would like to thank Felix Wilhelm (Google Security Team) for
    reporting this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/3442151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:1457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1111"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dhcp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.2", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:1457";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhclient-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-common-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-debuginfo-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-debuginfo-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-devel-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-devel-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"i686", reference:"dhcp-libs-4.2.5-42.el7_2.1")) flag++;
      if (rpm_check(release:"RHEL7", sp:"2", cpu:"x86_64", reference:"dhcp-libs-4.2.5-42.el7_2.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-debuginfo / dhcp-devel / etc");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1453.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109814
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109814
    titleCentOS 7 : dhcp (CESA-2018:1453)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1453 and 
    # CentOS Errata and Security Advisory 2018:1453 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109814);
      script_version("1.12");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-1111");
      script_xref(name:"RHSA", value:"2018:1453");
      script_xref(name:"IAVA", value:"2018-A-0162");
    
      script_name(english:"CentOS 7 : dhcp (CESA-2018:1453)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for dhcp is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Dynamic Host Configuration Protocol (DHCP) is a protocol that
    allows individual devices on an IP network to get their own network
    configuration information, including an IP address, a subnet mask, and
    a broadcast address. The dhcp packages provide a relay agent and ISC
    DHCP service required to enable and administer DHCP on a network.
    
    Security Fix(es) :
    
    * A command injection flaw was found in the NetworkManager integration
    script included in the DHCP client packages in Red Hat Enterprise
    Linux. A malicious DHCP server, or an attacker on the local network
    able to spoof DHCP responses, could use this flaw to execute arbitrary
    commands with root privileges on systems using NetworkManager and
    configured to obtain network configuration using the DHCP protocol.
    (CVE-2018-1111)
    
    Red Hat would like to thank Felix Wilhelm (Google Security Team) for
    reporting this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2018-May/022831.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9178ebc5"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1111");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'DHCP Client Command Injection (DynoRoot)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:dhcp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhclient-4.2.5-68.el7.centos.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-4.2.5-68.el7.centos.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-common-4.2.5-68.el7.centos.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-devel-4.2.5-68.el7.centos.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"dhcp-libs-4.2.5-68.el7.centos.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhclient / dhcp / dhcp-common / dhcp-devel / dhcp-libs");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1453.NASL
    descriptionFrom Red Hat Security Advisory 2018:1453 : An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109826
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109826
    titleOracle Linux 7 : dhcp (ELSA-2018-1453)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1459.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109845
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109845
    titleRHEL 6 : dhcp (RHSA-2018:1459)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1021.NASL
    descriptionCommand injection vulnerability in the DHCP client NetworkManager integration script : A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note: Amazon Linux 2 does not use NetworkManager by default, however it is recommended to install this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id110194
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110194
    titleAmazon Linux 2 : dhcp (ALAS-2018-1021)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180515_DHCP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)
    last seen2020-03-18
    modified2018-05-16
    plugin id109850
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109850
    titleScientific Linux Security Update : dhcp on SL7.x x86_64 (20180515)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1525.NASL
    descriptionAn update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1558801, BZ#1563545) Security Fix(es) : * python-paramiko: Authentication bypass in transport.py (CVE-2018-7750) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196) * jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968) * ovirt-engine: account enumeration through login to web console (CVE-2018-1073) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Chris McCown for reporting CVE-2018-8088. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). Enhancement(s) : * Previously, the default memory allotment for the RHV-M Virtual Appliance was always large enough to include support for user additions. In this release, the RHV-M Virtual Appliance includes a swap partition that enables the memory to be increased when required. (BZ#1422982) * Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions,
    last seen2020-06-01
    modified2020-06-02
    plugin id109910
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109910
    titleRHEL 7 : Virtualization (RHSA-2018:1525)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0021_DHCP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has dhcp packages installed that are affected by multiple vulnerabilities: - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality. (CVE-2017-3144) - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127178
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127178
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : dhcp Multiple Vulnerabilities (NS-SA-2019-0021)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-36058ED9F2.NASL
    descriptionfix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-16
    plugin id109820
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109820
    titleFedora 27 : 12:dhcp (2018-36058ed9f2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1454.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109840
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109840
    titleRHEL 6 : dhcp (RHSA-2018:1454)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0042.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Added oracle-errwarn-message.patch - Resolves: #1570897 - Fix comamnd execution in NM script (CVE-2018-1111) - Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow <[12:4.1.1-53.P1.2 - Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow - Resolves: #1063217 - failover hangs with both potential-conflict
    last seen2020-06-01
    modified2020-06-02
    plugin id109830
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109830
    titleOracleVM 3.3 / 3.4 : dhcp (OVMSA-2018-0042)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1458.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109844
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109844
    titleRHEL 6 : dhcp (RHSA-2018:1458)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1379.NASL
    descriptionAccording to the versions of the dhcp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144) - DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124882
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124882
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : dhcp (EulerOS-SA-2019-1379)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1123.NASL
    descriptionAccording to the versions of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) - ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.(CVE-2015-8605) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-05-29
    plugin id110127
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110127
    titleEulerOS 2.0 SP2 : dhcp (EulerOS-SA-2018-1123)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1122.NASL
    descriptionAccording to the versions of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) - ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.(CVE-2015-8605) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-05-29
    plugin id110126
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110126
    titleEulerOS 2.0 SP1 : dhcp (EulerOS-SA-2018-1122)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1453.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109839
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109839
    titleRHEL 7 : dhcp (RHSA-2018:1453)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180515_DHCP_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)
    last seen2020-03-18
    modified2018-05-16
    plugin id109849
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109849
    titleScientific Linux Security Update : dhcp on SL6.x i386/x86_64 (20180515)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1454.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109815
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109815
    titleCentOS 6 : dhcp (CESA-2018:1454)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1460.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109846
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109846
    titleRHEL 6 : dhcp (RHSA-2018:1460)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-23CA7A6798.NASL
    descriptionfix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120293
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120293
    titleFedora 28 : 12:dhcp (2018-23ca7a6798)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1524.NASL
    descriptionUpdated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id109909
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109909
    titleRHEL 7 : Virtualization (RHSA-2018:1524)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1455.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109841
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109841
    titleRHEL 7 : dhcp (RHSA-2018:1455)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0129_DHCP.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has dhcp packages installed that are affected by a vulnerability: - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127381
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127381
    titleNewStart CGSL MAIN 4.05 : dhcp Vulnerability (NS-SA-2019-0129)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1456.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109842
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109842
    titleRHEL 7 : dhcp (RHSA-2018:1456)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-5392896132.NASL
    descriptionfix for CVE-2018-1111 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-17
    plugin id109874
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109874
    titleFedora 26 : 12:dhcp (2018-5392896132)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1188.NASL
    descriptionAccording to the version of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.(CVE-2018-1111) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-07-03
    plugin id110852
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110852
    titleEulerOS 2.0 SP3 : dhcp (EulerOS-SA-2018-1188)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1461.NASL
    descriptionAn update for dhcp is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es) : * A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111) Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id109847
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109847
    titleRHEL 6 : dhcp (RHSA-2018:1461)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1024.NASL
    descriptionCommand injection vulnerability in the DHCP client NetworkManager integration script A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111 ) Note: As mentioned above, the fix for this issue is in the NetworkManager integration script included with the dhcp package. The severity of this advisory has been lowered to a low as the Amazon Linux AMI does not use NetworkManager.
    last seen2020-06-01
    modified2020-06-02
    plugin id110198
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110198
    titleAmazon Linux AMI : dhcp (ALAS-2018-1024)

Packetstorm

Redhat

advisories
  • bugzilla
    id1567974
    titleCVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentdhcp-devel is earlier than 12:4.2.5-68.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20181453001
          • commentdhcp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923002
        • AND
          • commentdhcp is earlier than 12:4.2.5-68.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20181453003
          • commentdhcp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923004
        • AND
          • commentdhcp-libs is earlier than 12:4.2.5-68.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20181453005
          • commentdhcp-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20162590002
        • AND
          • commentdhcp-common is earlier than 12:4.2.5-68.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20181453007
          • commentdhcp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111819004
        • AND
          • commentdhclient is earlier than 12:4.2.5-68.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20181453009
          • commentdhclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923006
    rhsa
    idRHSA-2018:1453
    released2018-05-15
    severityCritical
    titleRHSA-2018:1453: dhcp security update (Critical)
  • bugzilla
    id1567974
    titleCVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentdhcp-devel is earlier than 12:4.1.1-53.P1.el6_9.4
            ovaloval:com.redhat.rhsa:tst:20181454001
          • commentdhcp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923002
        • AND
          • commentdhcp is earlier than 12:4.1.1-53.P1.el6_9.4
            ovaloval:com.redhat.rhsa:tst:20181454003
          • commentdhcp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923004
        • AND
          • commentdhcp-common is earlier than 12:4.1.1-53.P1.el6_9.4
            ovaloval:com.redhat.rhsa:tst:20181454005
          • commentdhcp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111819004
        • AND
          • commentdhclient is earlier than 12:4.1.1-53.P1.el6_9.4
            ovaloval:com.redhat.rhsa:tst:20181454007
          • commentdhclient is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100923006
    rhsa
    idRHSA-2018:1454
    released2018-05-15
    severityCritical
    titleRHSA-2018:1454: dhcp security update (Critical)
  • rhsa
    idRHSA-2018:1455
  • rhsa
    idRHSA-2018:1456
  • rhsa
    idRHSA-2018:1457
  • rhsa
    idRHSA-2018:1458
  • rhsa
    idRHSA-2018:1459
  • rhsa
    idRHSA-2018:1460
  • rhsa
    idRHSA-2018:1461
  • rhsa
    idRHSA-2018:1524
rpms
  • dhclient-12:4.2.5-68.el7_5.1
  • dhcp-12:4.2.5-68.el7_5.1
  • dhcp-common-12:4.2.5-68.el7_5.1
  • dhcp-debuginfo-12:4.2.5-68.el7_5.1
  • dhcp-devel-12:4.2.5-68.el7_5.1
  • dhcp-libs-12:4.2.5-68.el7_5.1
  • dhclient-12:4.1.1-53.P1.el6_9.4
  • dhcp-12:4.1.1-53.P1.el6_9.4
  • dhcp-common-12:4.1.1-53.P1.el6_9.4
  • dhcp-debuginfo-12:4.1.1-53.P1.el6_9.4
  • dhcp-devel-12:4.1.1-53.P1.el6_9.4
  • dhclient-12:4.2.5-58.el7_4.4
  • dhcp-12:4.2.5-58.el7_4.4
  • dhcp-common-12:4.2.5-58.el7_4.4
  • dhcp-debuginfo-12:4.2.5-58.el7_4.4
  • dhcp-devel-12:4.2.5-58.el7_4.4
  • dhcp-libs-12:4.2.5-58.el7_4.4
  • dhclient-12:4.2.5-47.el7_3.1
  • dhcp-12:4.2.5-47.el7_3.1
  • dhcp-common-12:4.2.5-47.el7_3.1
  • dhcp-debuginfo-12:4.2.5-47.el7_3.1
  • dhcp-devel-12:4.2.5-47.el7_3.1
  • dhcp-libs-12:4.2.5-47.el7_3.1
  • dhclient-12:4.2.5-42.el7_2.1
  • dhcp-12:4.2.5-42.el7_2.1
  • dhcp-common-12:4.2.5-42.el7_2.1
  • dhcp-debuginfo-12:4.2.5-42.el7_2.1
  • dhcp-devel-12:4.2.5-42.el7_2.1
  • dhcp-libs-12:4.2.5-42.el7_2.1
  • dhclient-12:4.1.1-49.P1.el6_7.1
  • dhcp-12:4.1.1-49.P1.el6_7.1
  • dhcp-common-12:4.1.1-49.P1.el6_7.1
  • dhcp-debuginfo-12:4.1.1-49.P1.el6_7.1
  • dhcp-devel-12:4.1.1-49.P1.el6_7.1
  • dhclient-12:4.1.1-43.P1.el6_6.2
  • dhcp-12:4.1.1-43.P1.el6_6.2
  • dhcp-common-12:4.1.1-43.P1.el6_6.2
  • dhcp-debuginfo-12:4.1.1-43.P1.el6_6.2
  • dhcp-devel-12:4.1.1-43.P1.el6_6.2
  • dhclient-12:4.1.1-38.P1.el6_5.1
  • dhcp-12:4.1.1-38.P1.el6_5.1
  • dhcp-common-12:4.1.1-38.P1.el6_5.1
  • dhcp-debuginfo-12:4.1.1-38.P1.el6_5.1
  • dhcp-devel-12:4.1.1-38.P1.el6_5.1
  • dhclient-12:4.1.1-34.P1.el6_4.2
  • dhcp-12:4.1.1-34.P1.el6_4.2
  • dhcp-common-12:4.1.1-34.P1.el6_4.2
  • dhcp-debuginfo-12:4.1.1-34.P1.el6_4.2
  • dhcp-devel-12:4.1.1-34.P1.el6_4.2
  • imgbased-0:1.0.16-0.1.el7ev
  • ovirt-node-ng-nodectl-0:4.2.0-0.20170814.0.el7
  • python-imgbased-0:1.0.16-0.1.el7ev
  • redhat-release-virtualization-host-0:4.2-3.0.el7
  • redhat-virtualization-host-image-update-0:4.2-20180508.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.2-3.0.el7
  • rhvm-appliance-2:4.2-20180504.0.el7

Saint

bid104195
descriptionRed Hat DHCP client NetworkManager integration script command injection
idmisc_dhcpnetman
titleredhat_dhcp_client_networkmanager
typeclient

Seebug

bulletinFamilyexploit
descriptionRed Hat has been made aware of a command injection flaw found in a script included in the DHCP client (dhclient) packages in Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol. ### Information The DHCP protocol is used to configure network related information in hosts from a central server. When a host is connected to a network, it can issue DHCP requests to fetch network configuration parameter such as IP address, default router IP, DNS servers, and more. The DHCP client package dhclient provided by Red Hat has a script /etc/NetworkManager/dispatcher.d/11-dhclient (in Red Hat Enterprise Linux 7) or /etc/NetworkManager/dispatcher.d/10-dhclient (in Red Hat Enterprise Linux 6) for the NetworkManager component, which is executed each time NetworkManager receives a DHCP response from a DHCP server. A malicious DHCP response could cause the script to execute arbitrary shell commands with root privileges. ### Impacted Products Red Hat Product Security has rated this issue (CVE-2018-1111) as having a security impact of Critical The following Red Hat product versions are impacted: * Red Hat Enterprise Linux Server 6 * Red Hat Enterprise Linux Server 7
idSSV:97290
last seen2018-06-26
modified2018-05-16
published2018-05-16
reporterMy Seebug
sourcehttps://www.seebug.org/vuldb/ssvid-97290
titleDHCP Client Script Code Execution Vulnerability(CVE-2018-1111)

The Hacker News

idTHN:5EF52673FFBE9DE255C1F2F387D2A84B
last seen2018-05-15
modified2018-05-15
published2018-05-15
reporterMohit Kumar
sourcehttps://thehackernews.com/2018/05/linux-dhcp-hacking.html
titleRed Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks

References