Red Hat DHCP client NetworkManager integration script command injection

Added: 05/18/2018
CVE: CVE-2018-1111
BID: 104195

Background

The DHCP client on Red Hat Enterprise Linux includes a script which provides integration with the NetworkManager subsystem.

Problem

A command injection vulnerability in the NetworkManager integration script could allow arbitrary command execution when the affected system receives a specially crafted response from a malicious DHCP server on the local network.

Resolution

Upgrade to the latest dhclient package from your Linux vendor.

References

https://access.redhat.com/security/vulnerabilities/3442151
https://thehackernews.com/2018/05/linux-dhcp-hacking.html

Limitations

A vulnerable target on the same network as the SAINTexploit host must send out a DHCP request in order for this exploit to succeed.

Warning: running this exploit could cause connectivity problems for other hosts on the network if the parameters aren't properly configured.

This exploit requires dnsmasq to be installed on the SAINTexploit host. It attempts to install it if not already installed.

Platforms

Linux

Back to exploit index