vendor:
Enterprise Linux
by:
Kevin Kirsche
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: Enterprise Linux
Affected Version From: RHEL 6.x / 7.x and CentOS 6.x/7.x
Affected Version To: RHEL 6.x / 7.x and CentOS 6.x/7.x
Patch Exists: YES
Related CWE: CVE-2018-1111
CPE: o:redhat:enterprise_linux:6
Metasploit:
https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp1-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-1111/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2018-1111/
Other Scripts:
N/A
Platforms Tested: CentOS Linux release 7.4.1708 (Core) / NetworkManager 1.8.0-11.el7_4
2018
DynoRoot DHCP – Client Command Injection
DynoRoot is a DHCP client command injection vulnerability that affects RHEL 6.x / 7.x and CentOS 6.x/7.x. It allows an attacker to inject arbitrary commands into a vulnerable DHCP client by sending a malicious DHCP response. The vulnerability was discovered by Felix Wilhelm and an exploit was developed by Kevin Kirsche.
Mitigation:
The vulnerability can be mitigated by applying the patch provided by Red Hat.
