CVE Identifier: CVE-2018-11053
Severity: Medium
Affected products: Dell EMC iDRAC Service Module 3.0.1, 3.0.2, 3.1.0, 3.2.0 (for all supported Linux and XenServer operating systems)
Summary:
Dell EMC iDRAC Service Module (iSM) has been updated to fix an improper file permission vulnerability that could potentially be exploited by malicious host operating system users or processes to compromise the affected system.
Details:
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions 3.0.1, 3.0.2, 3.1.0, 3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
The following Dell EMC iDRAC Service Module releases contain resolution to this vulnerability:
Dell EMC recommends upgrading at the earliest opportunity. Downloads for the applicable operating system are below:
Security patch for iSM 3.2.0Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.