Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability CVE-2018-1111 was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
Red Hat Enterprise Virtualization 4.1 includes the vulnerable components, but the default configuration is not impacted because NetworkManager is turned off in the Management Appliance, and not used in conjunction with DHCP in the Hypervisor. Customers can still obtain the updated packages from Red Hat Enterprise Linux channels using
yum update, or upgrade to Red Hat Enterprise Virtualization 4.2, which includes the fixed packages.
Red Hat Enterprise Virtualization 3.6 is not vulnerable as it does not use DHCP.
CVSS v3 metrics
|CVSS3 Base Score||7.5|
|CVSS3 Base Metrics||CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H|
|Attack Vector||Adjacent Network|
Red Hat Security Errata
|Red Hat Enterprise Linux Advanced Update Support 6.4 (dhcp)||RHSA-2018:1461||2018-05-15|
|Red Hat Enterprise Linux Extended Update Support 7.3 (dhcp)||RHSA-2018:1456||2018-05-15|
|Red Hat Enterprise Linux Advanced Update Support 6.6 (dhcp)||RHSA-2018:1459||2018-05-15|
|Red Hat Enterprise Linux 6 (dhcp)||RHSA-2018:1454||2018-05-15|
|Red Hat Enterprise Linux Extended Update Support 6.7 (dhcp)||RHSA-2018:1458||2018-05-15|
|Red Hat Enterprise Linux Advanced Update Support 7.2 (dhcp)||RHSA-2018:1457||2018-05-15|
|Red Hat Enterprise Linux Server TUS (v. 6.6) (dhcp)||RHSA-2018:1459||2018-05-15|
|Red Hat Enterprise Linux 7 (dhcp)||RHSA-2018:1453||2018-05-15|
|Red Hat Enterprise Linux Extended Update Support 7.4 (dhcp)||RHSA-2018:1455||2018-05-15|
|Red Hat Enterprise Linux Server Update Services for SAP Solutions 7.2 (dhcp)||RHSA-2018:1457||2018-05-15|
|Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance)||RHSA-2018:1525||2018-05-15|
|Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts||RHSA-2018:1524||2018-05-15|
|Red Hat Enterprise Linux Advanced Update Support 6.5 (dhcp)||RHSA-2018:1460||2018-05-15|
|Red Hat Enterprise Linux Server TUS (v. 7.2) (dhcp)||RHSA-2018:1457||2018-05-15|
Affected Packages State
|Red Hat Enterprise Linux 5||dhcp||Not affected|
AcknowledgementsRed Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue.