iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability
CVE-2018-11053

6.6MEDIUM

Key Information:

Vendor

Dell
Status
Idrac Service Module
Vendor
CVE Published:
26 June 2018

What is CVE-2018-11053?

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iDRAC Service Module 3.0.1

iDRAC Service Module 3.0.2

iDRAC Service Module 3.1.0

References

http://www.securityfocus.com/bid/104567
vdb-entryx_refsource_BID
http://www.dell.com/support/article/us/en/19/sln310281/is...
x_refsource_MISC

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.