Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000176891

iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

Summary: Dell EMC guidance to mitigate risk and resolution for the Improper File Permission Vulnerability (CVE-2018-11053) for iDRAC Service Module version 3.0.1, 3.0.2, 3.1.0 and 3.2.0. For step by step procedures to resolve this vulnerability, refer to this guide. ...

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

CVE Identifier: CVE-2018-11053

Severity: Medium

Affected products: Dell EMC iDRAC Service Module 3.0.1, 3.0.2, 3.1.0, 3.2.0 (for all supported Linux and XenServer operating systems)

 

Summary:

 

Dell EMC iDRAC Service Module (iSM) has been updated to fix an improper file permission vulnerability that could potentially be exploited by malicious host operating system users or processes to compromise the affected system.

Details:

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions 3.0.1, 3.0.2, 3.1.0, 3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

SLN310281_en_US__1icon iDRAC Service Module for Windows or VMWare ESXi is not affected by this issue
 
If the /etc/hosts file permissions are changed after patch upgrade they will be changed back to Linux default read-only permissions at each iSM service start regardless if the permissions were intentionally changed later.

The following Dell EMC iDRAC Service Module releases contain resolution to this vulnerability:

  • Dell EMC iDRAC Service Module 3.2.0.1 (for all supported Linux and XenServer operating systems)
  • Dell EMC iDRAC Service Module 3.1.0.1 (for all supported Linux and XenServer operating systems)

Dell EMC recommends upgrading at the earliest opportunity. Downloads for the applicable operating system are below:

Security patch for iSM 3.2.0
Security patch for iSM 3.1.0  

Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Cause

None

Resolution

See Symptoms section.

Article Properties

Affected Product

iDRAC Service Module 3.x, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux Version 6, Red Hat Enterprise Linux Version 7

Last Published Date

01 Sep 2023

Version

6

Article Type

Solution

Back to Top