Red Hat, Inc. CWE-77

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

https://access.redhat.com/errata/RHSA-2018:1525 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2018-1111 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1567974 [No Types Assigned]

Red Hat, Inc. CWE-77

CWE-77 / Assessment performed prior to CVMAP efforts

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

https://access.redhat.com/errata/RHSA-2018:1525 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2018-1111 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1567974 [No Types Assigned]

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/ [No Types Assigned]

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/ [No Types Assigned]

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/ [No Types Assigned]

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/ [Third Party Advisory]

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/ [Third Party Advisory]

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/ [Third Party Advisory]

Red Hat, Inc. AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Red Hat, Inc. CWE-77

CWE-77
CWE-77

CWE-78

OR
     *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 [No Types Assigned]

https://www.tenable.com/security/tns-2018-10 [No Types Assigned]

OR
     *cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:enterprise_virtualization:4.2:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:6.5:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
   

OR
     *cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*

(AV:A/AC:M/Au:N/C:C/I:C/A:C)

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-77

http://www.securityfocus.com/bid/104195 No Types Assigned

http://www.securityfocus.com/bid/104195 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1040912 No Types Assigned

http://www.securitytracker.com/id/1040912 Third Party Advisory, VDB Entry

https://access.redhat.com/errata/RHSA-2018:1453 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1453 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1454 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1454 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1455 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1455 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1456 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1456 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1457 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1457 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1458 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1458 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1459 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1459 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1460 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1460 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1461 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1461 Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:1524 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:1524 Vendor Advisory

https://access.redhat.com/security/vulnerabilities/3442151 No Types Assigned

https://access.redhat.com/security/vulnerabilities/3442151 Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111 Issue Tracking, Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/ No Types Assigned

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/ Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/ No Types Assigned

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/ Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/ No Types Assigned

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/ Third Party Advisory

https://www.exploit-db.com/exploits/44652/ No Types Assigned

https://www.exploit-db.com/exploits/44652/ Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/44890/ No Types Assigned

https://www.exploit-db.com/exploits/44890/ Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/44890/ [No Types Assigned]

http://www.securityfocus.com/bid/104195 [No Types Assigned]

https://www.exploit-db.com/exploits/44652/ [No Types Assigned]

http://www.securitytracker.com/id/1040912 [No Types Assigned]