Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
References
Link | Resource |
---|---|
http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en | Patch Vendor Advisory |
http://www.securityfocus.com/bid/104567 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
10 Jun 2021, 12:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:* |
Information
Published : 2018-06-26 22:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-11053
Mitre link : CVE-2018-11053
CVE.ORG link : CVE-2018-11053
JSON object : View
Products Affected
suse
- suse_linux_enterprise_server
dell
- emc_idrac_service_module
redhat
- enterprise_linux
citrix
- xenserver
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource