Bug 1093364 - (CVE-2018-1111) VUL-0: CVE-2018-1111: dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None; Severity: Major
Assigned To: Reinhard Max
Security Team bot
https://smash.suse.de/issue/205835/
Reported: 2018-05-15 13:46 UTC by Karol Babioch
Modified: 2018-05-15 13:47 UTC

Found By: Security Response Team
Description Karol Babioch 2018-05-15 13:46:22 UTC
rh#1567974

A command injection vulnerability was found in the 11-dhclient script provided by dhcp-client, located in /etc/NetworkManager/dispatcher.d/11-dhclient. An attacker in the local network who is able to spoof DHCP responses, or a malicious DHCP server, can execute arbitrary commands run with root privileges on the client system by exploiting this vulnerability.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1567974
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1111
Comment 1 Karol Babioch 2018-05-15 13:47:03 UTC
The script seems to be shipped only by Red Hat (see http://vault.centos.org/7.4.1708/updates/Source/SPackages/dhcp-4.2.5-58.el7.centos.3.src.rpm), so we are not affected by this.