Published: 17/05/2018 Updated: 12/02/2023

CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 802

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and previous versions are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 26
fedoraproject fedora 27
fedoraproject fedora 28
redhat enterprise linux desktop 7.0
redhat enterprise linux 7.4
redhat enterprise linux workstation 7.0
redhat enterprise linux 7.0
redhat enterprise linux 6.0
redhat enterprise linux server 7.0
redhat enterprise virtualization 4.0
redhat enterprise linux 7.2
redhat enterprise linux desktop 6.0
redhat enterprise linux 6.7
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux 7.3
redhat enterprise linux 6.4
redhat enterprise linux 6.5
redhat enterprise linux 6.6
redhat enterprise linux 7.5
redhat enterprise virtualization host 4.0
redhat enterprise virtualization 4.2

Command injection vulnerability in the DHCP client NetworkManager integration scriptA command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2 A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary co ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ( ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ( ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ( ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update as having a secur ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ( ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System ( ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis Important: redhat-virtualization-host bug fix and enhancement update Type/Severity Security Advisory: Important Topic Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available Description The redhat-virtualization-host package ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services for SAP Solutions ...

Synopsis Important: rhvm-appliance security and enhancement update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerab ...

Synopsis Critical: dhcp security update Type/Severity Security Advisory: Critical Topic An update for dhcp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Command injection vulnerability in the DHCP client NetworkManager integration script:A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Amazon Linux 2 A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary c ...

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured ...

The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) packageA malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using Ne ...

# Exploit Title: DynoRoot DHCP - Client Command Injection # Date: 2018-05-18 # Exploit Author: Kevin Kirsche # Exploit Repository: githubcom/kkirsche/CVE-2018-1111 # Exploit Discoverer: Felix Wilhelm # Vendor Homepage: wwwredhatcom/ # Version: RHEL 6x / 7x and CentOS 6x/7x # Tested on: CentOS Linux release 741708 (Core) / ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::DHCPServer def initialize(info = {}) super(update_info(info, 'Name' => 'DHCP ...

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbi ...

DynoRoot DHCP suffers from a client command injection vulnerability ...

CLI tool for manipulating active rules in a Snort IDS rule file

idsparser idsparser is a CLI based python tool for interactively enabling and disabling Snort based IDS rules In short, idsparser offers the following key features: Passing a single rule file (community rules), or a directory of rule files (subscriber based rules) Passing a CSV (click here for formatting) of application names Any rules containing the app name will be enable

My Exp or Poc

Exp-or-Poc 对CVE或漏洞的应急响应，撰写的EXP以及POC (包含过去的CVE)，此部分用于应急响应的训练我的博客都会有相应的分析: wwwtr0ywang discuz 任意文件删除漏洞 CVE-2016-3714 CVE-2018-1111 JumpServer RCE(get log)

CVE-2018-1111 DynoRoot

CVE-2018-1111 CVE-2018-1111 DynoRoot

Environment for DynoRoot (CVE-2018-1111)

CVE-2018-1111 Environment for CVE-2018-1111 Movie Command docker-compose $ docker-compose up -d

DHCP exploitation with DynoRoot (CVE-2018-1111)

DynoRoot CVE-2018-1111 Final project for the course Advanced Ethical Hacking at KTH, Stockholm This project demonstrates a known vulnerability of Fedora and RedHat machines related to an unsafe client-side implementation of the Dynamic Host Configuration Protocol (DHCP) A rogue DHCP server can craft DHCP offers with a malicious payload that gets executed in a root shell on the

Red Hat admin? Get off Twitter and patch this DHCP client bug

The Register • Richard Chirgwin • 16 May 2018

Proof-of-concept fits in a Tweet and can take down all of RH's best bits

Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a Tweetable proof-of-concept. Discovered by Googler Felix Wilhelm, CVE-2018-1111 is a command injection bug in the Red Hat Enterprise Linux and derivative DHCP clients. Wilhelm Tweeted: “CVE 2018-1111 is a pretty bad DHCP remote root command injection affecting Red Hat derivates: https://access.redhat.com/security/vulnerabilities/3442151 …. Exploit fits in a tweet so you shou...

CVE-2018-1111

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect