PT-2018-10272 · Dell EMC · Dell iDRAC Service Module

Published 2018-06-26 · Updated 2021-06-10 · CVE-2018-11053

CVSS v3.1: 6.6 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions

Dell EMC iDRAC Service Module versions v3.0.1, v3.0.2, v3.1.0, v3.2.0

Description

The issue allows a malicious low-privileged operating system user or process to modify the hosts file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. This occurs because the Dell EMC iDRAC Service Module changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world-writable when started.

Recommendations

For versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, consider changing the file permission of the /etc/hosts file to prevent world-writable access until a patch is available. As a temporary workaround, restrict access to the /etc/hosts file to minimize the risk of exploitation.
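One way to carry out the permission check and workaround above, as an added example that is not Dell's or this advisory's own code: it tests a file for the world-write bit and removes only that bit. The function names, the `HOSTS_FILE` variable and the `--fix` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit and remediate a world-writable hosts file.
# HOSTS_FILE defaults to the path named in the advisory; override it for testing.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Return 0 if the file has the other-write bit set, 1 if it does not,
# 2 if the file does not exist.
is_world_writable() {
    [ -e "$1" ] || return 2
    # -L follows a symlink so the target's mode is tested, not the link's.
    [ -n "$(find -L "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Remove only the other-write bit and leave owner and group bits untouched.
# Return 0 if the file is not world-writable afterwards, non-zero otherwise.
harden_hosts_file() {
    file="$1"
    rc=0
    is_world_writable "$file" || rc=$?
    case "$rc" in
        0)
            chmod o-w "$file" || return 1
            # Verify the change took effect (e.g. not a read-only filesystem).
            if is_world_writable "$file"; then
                echo "error: $file is still world-writable" >&2
                return 1
            fi
            echo "fixed: removed world-write permission from $file"
            ;;
        1)
            echo "ok: $file is not world-writable"
            ;;
        *)
            echo "error: $file not found" >&2
            return 2
            ;;
    esac
    return 0
}

# Hypothetical entry point: "sh check_hosts.sh --fix" acts on HOSTS_FILE.
if [ "${1:-}" = "--fix" ]; then
    harden_hosts_file "$HOSTS_FILE"
fi
```

Because the module changes the permission when it starts, run the check again after the service has started.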

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2018-11053

Affected Products

Dell iDRAC Service Module