OS-LINUX -- Snort has detected traffic targeting vulnerabilities in a Linux-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-LINUX Red Hat NetworkManager DHCP client command injection attempt
This event is generated when an attempt to exploit a vulnerability in Red Hat's NetworkManager DHCP client is detected Impact: Attempted User Privilege Gain Details: The DHCP protocol is used to configure network related information in hosts from a central server. When a host is connected to a network, it can issue DHCP requests to fetch network configuration parameter such as IP address, default router IP, DNS servers, and more. The DHCP client package dhclient provided by Red Hat has a script /etc/NetworkManager/dispatcher.d/11-dhclient (in Red Hat Enterprise Linux 7) or /etc/NetworkManager/dispatcher.d/10-dhclient (in Red Hat Enterprise Linux 6) for the NetworkManager component, which is executed each time NetworkManager receives a DHCP response from a DHCP server. A malicious DHCP response could cause the script to execute arbitrary shell commands with root privileges. Ease of Attack: Medium
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-1111 |
Loading description
|