2017-12-04 03:02:28 -05:00
{
2018-05-17 12:19:17 -04:00
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com" ,
"ID" : "CVE-2018-1111" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
2018-05-17 11:41:50 -03:00
{
2018-05-17 12:19:17 -04:00
"product" : {
"product_data" : [
{
"product_name" : "dhcp" ,
"version" : {
"version_data" : [
{
"version_value" : "Red Hat Enterprise Linux 6"
} ,
{
"version_value" : "Red Hat Enterprise Linux 7"
}
]
}
}
]
} ,
"vendor_name" : "Red Hat"
} ,
2018-05-17 11:41:50 -03:00
{
2018-05-17 12:19:17 -04:00
"product" : {
"product_data" : [
{
"product_name" : "dhcp" ,
"version" : {
"version_data" : [
{
"version_value" : "Fedora 28"
}
]
}
}
]
} ,
"vendor_name" : "Fedora"
2018-05-17 11:41:50 -03:00
}
2018-05-17 12:19:17 -04:00
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."
}
]
} ,
"impact" : {
"cvss" : [
[
2018-05-17 11:41:50 -03:00
{
2018-05-17 12:19:17 -04:00
"vectorString" : "7.5/CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"version" : "3.0"
2018-05-17 11:41:50 -03:00
}
2018-05-17 12:19:17 -04:00
]
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-77"
}
]
}
]
} ,
"references" : {
"reference_data" : [
2018-05-20 06:03:54 -04:00
{
"name" : "44652" ,
"refsource" : "EXPLOIT-DB" ,
"url" : "https://www.exploit-db.com/exploits/44652/"
} ,
2018-06-15 06:02:48 -04:00
{
"name" : "44890" ,
"refsource" : "EXPLOIT-DB" ,
"url" : "https://www.exploit-db.com/exploits/44890/"
} ,
2018-05-17 12:19:17 -04:00
{
"name" : "https://access.redhat.com/security/vulnerabilities/3442151" ,
"refsource" : "CONFIRM" ,
"url" : "https://access.redhat.com/security/vulnerabilities/3442151"
} ,
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111" ,
"refsource" : "CONFIRM" ,
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111"
} ,
2018-07-06 06:03:10 -04:00
{
"name" : "https://www.tenable.com/security/tns-2018-10" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.tenable.com/security/tns-2018-10"
} ,
2018-11-30 16:05:15 -05:00
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" ,
"refsource" : "CONFIRM" ,
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
} ,
2018-05-17 12:19:17 -04:00
{
"name" : "FEDORA-2018-23ca7a6798" ,
"refsource" : "FEDORA" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/"
} ,
{
"name" : "FEDORA-2018-36058ed9f2" ,
"refsource" : "FEDORA" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/"
} ,
{
"name" : "FEDORA-2018-5392896132" ,
"refsource" : "FEDORA" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/"
} ,
{
"name" : "RHSA-2018:1453" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1453"
} ,
{
"name" : "RHSA-2018:1454" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1454"
} ,
{
"name" : "RHSA-2018:1455" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1455"
} ,
{
"name" : "RHSA-2018:1456" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1456"
} ,
{
"name" : "RHSA-2018:1457" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1457"
} ,
{
"name" : "RHSA-2018:1458" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1458"
} ,
{
"name" : "RHSA-2018:1459" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1459"
} ,
{
"name" : "RHSA-2018:1460" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1460"
} ,
{
"name" : "RHSA-2018:1461" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1461"
} ,
{
"name" : "RHSA-2018:1524" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:1524"
2018-05-19 06:05:05 -04:00
} ,
2018-05-20 06:03:54 -04:00
{
"name" : "104195" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/104195"
} ,
2018-05-19 06:05:05 -04:00
{
"name" : "1040912" ,
"refsource" : "SECTRACK" ,
"url" : "http://www.securitytracker.com/id/1040912"
2018-05-17 12:19:17 -04:00
}
]
}
2017-12-04 03:02:28 -05:00
}