A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
We can check for NetworkManager via the presence of RPM package “NetworkManager”, and check for a running daemon via
~]# service NetworkManager status
NetworkManager (pid 1527) is running...
(in my environment we don’t have NetworkManager installed so I cannot verify the command line or what it’s actual process name would be for a Relevance check)
(names of it,
pid of it,
name of user of it|"",
(pathname of image files of it) | (“no path”) ,
(version of image files of it) as string | (“no version”) )
of processes whose (name of it contains “NetworkManager")
(names of it, version of it) of packages whose (version of it < "4.1.1" as version and (name of it contains "Network" or Name of it contains "dhcp")) of rpm
or if you are using this in a fixlet or task: exists packages whose (version of it < "4.1.1" as version and (name of it contains "Network" or Name of it contains "dhcp")) of rpm
Content was released for this CVE back in May, soon after the patches were made available. Search for Errata RHSA-2018:1453 and RHSA-2018:1454 in the console/WebUI.