CVE-2018-1111 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1111 Interim 1 21 2024-04-01T00:30:23Z current 2021-05-30T14:06:53Z 2024-04-01T00:30:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1111 DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 dhclient-4.2.5-68.el7_5.1 dhcp dhcp-4.2.5-68.el7_5.1 dhcp-client dhcp-common-4.2.5-68.el7_5.1 dhcp-devel dhcp-devel-4.2.5-68.el7_5.1 dhcp-libs-4.2.5-68.el7_5.1 dhcp-relay dhcp-server dhclient-4.2.5-68.el7_5.1 as a component of SUSE Liberty Linux 7 dhcp-4.2.5-68.el7_5.1 as a component of SUSE Liberty Linux 7 dhcp-common-4.2.5-68.el7_5.1 as a component of SUSE Liberty Linux 7 dhcp-devel-4.2.5-68.el7_5.1 as a component of SUSE Liberty Linux 7 dhcp-libs-4.2.5-68.el7_5.1 as a component of SUSE Liberty Linux 7 dhcp as a component of SUSE Linux Enterprise Desktop 12 SP3 dhcp-client as a component of SUSE Linux Enterprise Desktop 12 SP3 dhcp as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata dhcp as a component of SUSE Linux Enterprise Server 11 SP3 LTSS dhcp as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata dhcp as a component of SUSE Linux Enterprise Server 11 SP4-LTSS dhcp-client as a component of SUSE Linux Enterprise Server 11 SP4-LTSS dhcp-relay as a component of SUSE Linux Enterprise Server 11 SP4-LTSS dhcp-server as a component of SUSE Linux Enterprise Server 11 SP4-LTSS dhcp as a component of SUSE Linux Enterprise Server 12 SP1-LTSS dhcp-client as a component of SUSE Linux Enterprise Server 12 SP1-LTSS dhcp-relay as a component of SUSE Linux Enterprise Server 12 SP1-LTSS dhcp-server as a component of SUSE Linux Enterprise Server 12 SP1-LTSS dhcp as a component of SUSE Linux Enterprise Server 12 SP2 dhcp-client as a component of SUSE Linux Enterprise Server 12 SP2 dhcp-relay as a component of SUSE Linux Enterprise Server 12 SP2 dhcp-server as a component of SUSE Linux Enterprise Server 12 SP2 dhcp as a component of SUSE Linux Enterprise Server 12 SP2-LTSS dhcp-client as a component of SUSE Linux Enterprise Server 12 SP2-LTSS dhcp-relay as a component of SUSE Linux Enterprise Server 12 SP2-LTSS dhcp-server as a component of SUSE Linux Enterprise Server 12 SP2-LTSS dhcp as a component of SUSE Linux Enterprise Server 12 SP3 dhcp-client as a component of SUSE Linux Enterprise Server 12 SP3 dhcp-relay as a component of SUSE Linux Enterprise Server 12 SP3 dhcp-server as a component of SUSE Linux Enterprise Server 12 SP3 dhcp-devel as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 dhcp as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 dhcp-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 dhcp as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 dhcp-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 dhcp as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. CVE-2018-1111 SUSE Liberty Linux 7:dhclient-4.2.5-68.el7_5.1 SUSE Liberty Linux 7:dhcp-4.2.5-68.el7_5.1 SUSE Liberty Linux 7:dhcp-common-4.2.5-68.el7_5.1 SUSE Liberty Linux 7:dhcp-devel-4.2.5-68.el7_5.1 SUSE Liberty Linux 7:dhcp-libs-4.2.5-68.el7_5.1 SUSE Linux Enterprise Desktop 12 SP3:dhcp SUSE Linux Enterprise Desktop 12 SP3:dhcp-client SUSE Linux Enterprise Server 11 SP1 for Teradata:dhcp SUSE Linux Enterprise Server 11 SP3 LTSS:dhcp SUSE Linux Enterprise Server 11 SP3 for Teradata:dhcp SUSE Linux Enterprise Server 11 SP4-LTSS:dhcp SUSE Linux Enterprise Server 11 SP4-LTSS:dhcp-client SUSE Linux Enterprise Server 11 SP4-LTSS:dhcp-relay SUSE Linux Enterprise Server 11 SP4-LTSS:dhcp-server SUSE Linux Enterprise Server 12 SP1-LTSS:dhcp SUSE Linux Enterprise Server 12 SP1-LTSS:dhcp-client SUSE Linux Enterprise Server 12 SP1-LTSS:dhcp-relay SUSE Linux Enterprise Server 12 SP1-LTSS:dhcp-server SUSE Linux Enterprise Server 12 SP2-LTSS:dhcp SUSE Linux Enterprise Server 12 SP2-LTSS:dhcp-client SUSE Linux Enterprise Server 12 SP2-LTSS:dhcp-relay SUSE Linux Enterprise Server 12 SP2-LTSS:dhcp-server SUSE Linux Enterprise Server 12 SP2:dhcp SUSE Linux Enterprise Server 12 SP2:dhcp-client SUSE Linux Enterprise Server 12 SP2:dhcp-relay SUSE Linux Enterprise Server 12 SP2:dhcp-server SUSE Linux Enterprise Server 12 SP3:dhcp SUSE Linux Enterprise Server 12 SP3:dhcp-client SUSE Linux Enterprise Server 12 SP3:dhcp-relay SUSE Linux Enterprise Server 12 SP3:dhcp-server SUSE Linux Enterprise Software Development Kit 11 SP4:dhcp SUSE Linux Enterprise Software Development Kit 11 SP4:dhcp-devel SUSE Linux Enterprise Software Development Kit 12 SP2:dhcp SUSE Linux Enterprise Software Development Kit 12 SP2:dhcp-devel SUSE Linux Enterprise Software Development Kit 12 SP3:dhcp SUSE Linux Enterprise Software Development Kit 12 SP3:dhcp-devel important 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H