Fork me on GitHub

[🦖#️⃣] DynoRoot!!!1111 - CVE-2018-1111

Powered by

DynoRoot!!!1111 (CVE-2018-1111) is a remote code execution vulnerability (as root) in Red Hat linux.

Hear Exploit Read Exploit Details


What is the CVE-2018-1111?

CVE-2018-1111 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

How does the attack work?

Please review the exploit song.

DynoRoot Request: PLEASE OWN ME
DynoRoot Response: HERE YOU ARE OWNED

Why is it called the DynoRoot bug?

A shell injection was found in the DYNamic host configuration protocOl client that gives you root.

What makes the DynoRoot bug unique?

In fact, all the boring normal bugs are way more important, just because there's a lot more of them. I don't think some spectacular security hole should be glorified or cared about as being any more "special" than a random spectacular crash due to bad locking.

Where can I find more information?

Red Hat.

How do I use this document?

This FAQ provides answers to some of the most frequently asked questions regarding the DynoRoot vulnerability. This is a living document and will be updated regularly at

Am I affected by the bug?


Can my antivirus detect or block this attack?

Although the attack can happen in different layers, antivirus signatures that detect DynoRoot could be developed. Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary. This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.

Is this an OpenSSL bug?


How can Red Hat be fixed?

Download the patches.

How do I uninstall Linux?

Please follow instructions.

Can I detect if someone has exploited this against me?

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.

Has this been exploited in the wild?

Probably not but the security community should deploy honeypots that entrap attackers and to alert about exploitation attempts.

Who found the DynoRoot vulnerability?

"Red Hat would like to thank Felix Wilhelm from the Google Security Team for reporting this flaw."

What's up with the song?

The song is not a virus, although it is very catchy and hard to stop singing or humming. Please listen at your own risk.

What's with the stupid (logo|website|twitter|github account)?

It would have been fantastic to eschew this ridiculousness, because we all make fun of branded vulnerabilities too, but this was not the right time to make that stand. So we created a website, a twitter account, and used a logo that a professional designer created.

What can be done to prevent this from happening in future?

The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the FreeBSD project.

Is there a bright side to all this?

For those service providers who are affected, this is a good opportunity to upgrade security strength of the systems used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.