Uncategorized

Dell iDRAC CVE-2016-5685, bash vulnerability (old news)

http://www.securiteam.com/securitynews/5XP3B0UKUU.html

SecuriTeam confused me by reposting a 2016 Dell iDDRAC vulnerability today, but I don’t see anything new. Just in case you weren’t aware of this issue, and you have a Dell system, here’s info on this older vulnerability, see the last link for a PDF-based response from the Dell iDRAC team.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5685
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5685
http://www.securityfocus.com/bid/94585
http://en.community.dell.com/techcenter/extras/m/white_papers/20443326

Dell iDRAC team’s response to Common Vulnerabilities and Exposures (CVE) ID CVE-2016-5685 [16 November 2016]
Summary: an authenticated user could gain Bash shell access through a string injection.
Dell Response: update to the latest iDRAC firmware, which remediates this potential vulnerability.

 

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s