PT-2018-1708 · Red Hat+1 · Networkmanager+3

Felix Wilhelm · Published 2018-05-15 · Updated 2023-02-12 · CVE-2018-1111

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux versions 6 and 7; Fedora versions 28 and earlier
Description: The issue is related to a command injection flaw in the NetworkManager integration script included in the DHCP client packages. This flaw can be exploited by a malicious DHCP server or an attacker on the local network who can spoof DHCP responses, allowing them to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. The vulnerability is caused by insufficient input data sanitization.
Recommendations: For Red Hat Enterprise Linux versions 6 and 7, consider disabling the NetworkManager integration script until a patch is available. For Fedora versions 28 and earlier, restrict the use of the DHCP client packages to minimize the risk of exploitation. As a temporary workaround, avoid using the DHCP protocol to obtain network configuration until the issue is resolved.

Exploit

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2018-01268
CESA-2018_1453
CESA-2018_1454
CVE-2018-1111
ELSA-2018-1453
ELSA-2018-1454
RHSA-2018:1453
RHSA-2018:1454
RHSA-2018:1455
RHSA-2018:1456
RHSA-2018:1457
RHSA-2018:1458
RHSA-2018:1459
RHSA-2018:1460
RHSA-2018:1461
RHSA-2018:1524
RHSA-2018:1525
RHSA-2018_1453
RHSA-2018_1454

Affected Products

Centos
Fedora
Networkmanager
Red Hat