Red Hat DHCP client NetworkManager integration script command injection

2018-05-18T00:00:00
ID SAINT:7E62985F7ECA8ECA0E5491AB646D5F88
Type saint
Reporter SAINT Corporation
Modified 2018-05-18T00:00:00

Description

Added: 05/18/2018
CVE: CVE-2018-1111
BID: 104195

Background

The DHCP client on Red Hat Enterprise Linux includes a script which provides integration with the NetworkManager subsystem.

Problem

A command injection vulnerability in the NetworkManager integration script could allow arbitrary command execution when the affected system receives a specially crafted response from a malicious DHCP server on the local network.

Resolution

Upgrade to the latest **dhclient** package from your Linux vendor.

References

<https://access.redhat.com/security/vulnerabilities/3442151>
<https://thehackernews.com/2018/05/linux-dhcp-hacking.html>

Limitations

A vulnerable target on the same network as the SAINTexploit host must send out a DHCP request in order for this exploit to succeed.

Warning: running this exploit could cause connectivity problems for other hosts on the network if the parameters aren't properly configured.

This exploit requires dnsmasq to be installed on the SAINTexploit host. It attempts to install it if not already installed.

Platforms

Linux