
CVE-2018-1111
Date: (C)2018-05-18   (M)2018-09-27


DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 1.6
Impact Score: 5.9

CVSS V2 Severity:
CVSS Score: 7.9
Exploit Score: 5.5
Impact Score: 10.0

CVSS V3 Metrics:
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1040912
BID-104195
EXPLOIT-DB-44652
EXPLOIT-DB-44890
FEDORA-2018-23ca7a6798
FEDORA-2018-36058ed9f2
FEDORA-2018-5392896132
RHSA-2018:1453
RHSA-2018:1454
RHSA-2018:1455
RHSA-2018:1456
RHSA-2018:1457
RHSA-2018:1458
RHSA-2018:1459
RHSA-2018:1460
RHSA-2018:1461
RHSA-2018:1524
https://access.redhat.com/security/vulnerabilities/3442151
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
https://www.tenable.com/security/tns-2018-10

CPE    8
cpe:/o:redhat:enterprise_linux:7.0
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:redhat:enterprise_linux_server:7.0
...
CWE    1
CWE-77
OVAL    11
oval:org.secpod.oval:def:502290
oval:org.secpod.oval:def:1600891
oval:org.secpod.oval:def:114513
oval:org.secpod.oval:def:1700041
...

© SecPod Technologies