(RHSA-2018:1454) Critical: dhcp security update

2018-05-1512:14:46

access.redhat.com

7.5 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64dhclient< 4.1.1-53.P1.el6_9.4dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat6s390xdhcp-devel< 4.1.1-53.P1.el6_9.4dhcp-devel-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat6ppcdhcp-debuginfo< 4.1.1-53.P1.el6_9.4dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc.rpm
RedHat6s390dhcp-debuginfo< 4.1.1-53.P1.el6_9.4dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390.rpm
RedHat6s390xdhclient< 4.1.1-53.P1.el6_9.4dhclient-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat6i686dhcp-debuginfo< 4.1.1-53.P1.el6_9.4dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
RedHat6s390xdhcp-common< 4.1.1-53.P1.el6_9.4dhcp-common-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat6x86_64dhcp-common< 4.1.1-53.P1.el6_9.4dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat6x86_64dhcp-devel< 4.1.1-53.P1.el6_9.4dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat6s390xdhcp-debuginfo< 4.1.1-53.P1.el6_9.4dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	dhclient	< 4.1.1-53.P1.el6_9.4	dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat	6	s390x	dhcp-devel	< 4.1.1-53.P1.el6_9.4	dhcp-devel-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat	6	ppc	dhcp-debuginfo	< 4.1.1-53.P1.el6_9.4	dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc.rpm
RedHat	6	s390	dhcp-debuginfo	< 4.1.1-53.P1.el6_9.4	dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390.rpm
RedHat	6	s390x	dhclient	< 4.1.1-53.P1.el6_9.4	dhclient-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat	6	i686	dhcp-debuginfo	< 4.1.1-53.P1.el6_9.4	dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
RedHat	6	s390x	dhcp-common	< 4.1.1-53.P1.el6_9.4	dhcp-common-4.1.1-53.P1.el6_9.4.s390x.rpm
RedHat	6	x86_64	dhcp-common	< 4.1.1-53.P1.el6_9.4	dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat	6	x86_64	dhcp-devel	< 4.1.1-53.P1.el6_9.4	dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm
RedHat	6	s390x	dhcp-debuginfo	< 4.1.1-53.P1.el6_9.4	dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm