CVE-2018-11053
MEDIUM
Dell EMC iDRAC Service Module - Incorrect Permission Assignment
Title source: ruleDescription
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world-writable. A malicious low-privileged operating system user or process could modify the hosts file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
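A defender-side check for the condition described above, as an added example that is not part of the original record and not Dell's code. It assumes GNU coreutils `stat` on Linux; the function names `audit_hosts`, `restore_hosts_mode` and `demo`, and the optional expected-UID argument, are hypothetical.

```sh
#!/bin/sh
# Added example, not Dell code. Assumes GNU coreutils stat (Linux).
# Function names and the optional UID argument are hypothetical.

# audit_hosts [FILE] [EXPECTED_UID]: report CWE-732 conditions on a hosts file.
# Returns 0 = clean, 1 = finding, 2 = file could not be inspected.
audit_hosts() {
    f=${1:-/etc/hosts}
    want=${2:-0}
    [ -e "$f" ] || { echo "ERROR $f: not found"; return 2; }
    # -L follows symlinks so the mode of the real file is inspected.
    mode=$(stat -L -c '%a' -- "$f") || return 2
    uid=$(stat -L -c '%u' -- "$f") || return 2
    rc=0
    # The last octal digit holds the "other" bits; 2, 3, 6 and 7 include write.
    case "${mode#"${mode%?}"}" in
        2|3|6|7) echo "FINDING $f: world-writable (mode $mode)"; rc=1 ;;
    esac
    if [ "$uid" -ne "$want" ]; then
        echo "FINDING $f: owned by uid $uid, expected $want"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $f: mode $mode, uid $uid"; fi
    return "$rc"
}

# restore_hosts_mode [FILE]: put back the usual 0644 mode.
# The affected module changes the mode when it starts, so re-run the
# audit after each service start until the vendor fix is installed.
restore_hosts_mode() {
    chmod 0644 -- "${1:-/etc/hosts}"
}

# Demo on a constructed temp file standing in for /etc/hosts.
demo() {
    t=$(mktemp) || return 2
    me=$(id -u)
    printf '127.0.0.1 localhost\n' > "$t"
    chmod 0666 "$t"                 # the state the description reports
    before=0; audit_hosts "$t" "$me" || before=$?
    restore_hosts_mode "$t"
    after=0; audit_hosts "$t" "$me" || after=$?
    rm -f -- "$t"
    echo "before=$before after=$after"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to exercise it on a temporary file, or call `audit_hosts` with no arguments to check the live /etc/hosts against root ownership.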
References (2)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/104567
Patch, Vendor Advisory (x_refsource_misc): http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=en
Scores
CVSS v3: 6.5
EPSS: 0.0010
EPSS Percentile: 26.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-732
Status: published
Products (4)
dell/emc_idrac_service_module 3.0.1
dell/emc_idrac_service_module 3.0.2
dell/emc_idrac_service_module 3.1.0
dell/emc_idrac_service_module 3.2.0
Published: Jun 26, 2018
Tracked Since: Feb 18, 2026