Command injection vulnerability in the DHCP client NetworkManager : CVE-2018-1111

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

 

The script and package name slightly differs between Red Hat Enterprise Linux and Fedora versions:

– In Red Hat Enterprise Linux 6, the script is included in the dhclient package and is located in /etc/NetworkManager/dispatcher.d/10-dhclient

– In Red Hat Enterprise Linux 7, the script is included in the dhclient package and is located in /etc/NetworkManager/dispatcher.d/11-dhclient

– In the current Fedora versions, the script is included in the dhcp-client package and is located in /etc/NetworkManager/dispatcher.d/11-dhclient

 

Got the following updates from RedHat regarding this.

 

Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability CVE-2018-1111 was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

 

Red Hat Enterprise Virtualization 4.1 includes the vulnerable components, but the default configuration is not impacted because NetworkManager is turned off in the Management Appliance, and not used in conjunction with DHCP in the Hypervisor. Customers can still obtain the updated packages from Red Hat Enterprise Linux channels using `yum update`, or upgrade to Red Hat Enterprise Virtualization 4.2, which includes the fixed packages.

Red Hat Enterprise Virtualization 3.6 is not vulnerable as it does not use DHCP.

You can get more details about this from here 3442151

As per the updates from RedHat you need to upgrade your packages to the latest version based on your operating system. For example, if you are using Red Hat Enterprise Linux 7.4 then you need to update the package dhclient to its latest version.

 

In order to list the installed packages and available updates, please use the following command.

yum list dhclient

In order to update the package, execute the following command.

yum update dhclient

If you have any questions about this please feel free to comment below. I will reply to it with my findings as soon as possible.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

five + four =