iTnews

Dell support software leaks system information

By Juha Saarinen on Dec 3, 2015 7:04AM
Dell support software leaks system information

Uninstallation of Dell Foundation Services recommended.

IT giant Dell is shipping computers with support software that leaks extensive amounts of information about the systems it is preloaded on, researchers have found.

LizardHQ researcher "slipstream/RoL" discovered that the Dell Foundation Services application, used to provide information for customer support, also installs and activates a webserver on computers. The security research firm counts some former LulzSec hacktivists as members.

The webserver responds to queries on transmission control protocol (TCP) port 7779 - by issuing requests to the webserver, attackers can query Microsoft's Windows Management Instrumentation (WMI) utility to glean full information about a victim's system.

Information leaked via WMI, which is used for systems management, includes details of the computer hardware, software, running processses and services, which storage is accessible, file data such as their names, dates and sizes, and more.

Prior to the recently discovered information disclosure vulnerability, LizardHQ had found that the webserver would leak Dell service tags, which are hardcoded and unique for each system.

Dell addressed that vulnerability, but in doing so, made the web interface a simple object access protocol (SOAP) service, the researchers said.

Vulnerable systems connected to the internet can be found via the Shodan.io scanner, and the flaw can also be exploited via local area networks, according to LizardHQ.

LizardHQ recommends that Dell users uninstall the Dell Foundation Services software.

Earlier in November this year, Dell had to scramble to plug another serious vulnerability in its support software.

The company shipped a fake, eDellRoot certificate authority (CA) and included its private key, for SSL/TLS protected connections that web browsers would trust.

This created a vulnerability that could be used to silently intercept SSL/TLS encrypted communications as well as sign malicious code that would be trusted by the computer operating system.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
delldell foundation servicessecuritywindows management instrumentationwmi

Partner Content

Alienated from your own data? You’re not alone
Promoted Content Alienated from your own data? You’re not alone
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • 11th Annual Fraud Prevention Summit 2022
  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Juha Saarinen
Dec 3 2015
7:04AM
0 Comments

Related Articles

  • Intel memory firmware bug hits hundreds of products
  • Password vulnerability fixed in Dell storage firmware
  • Dell ships patch for vulnerable filesystem
  • Millions of Dell computers shipped with vulnerable updater
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co to cut 160 applications under $200m IT simplification

NBN Co to cut 160 applications under $200m IT simplification

Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS

Digital Nation

COVER STORY: Data and IoT set digital agriculture on a sustainable future
COVER STORY: Data and IoT set digital agriculture on a sustainable future
Why do DeFi and DAOs matter to business?
Why do DeFi and DAOs matter to business?
COVER STORY: A Year in the Metaverse
COVER STORY: A Year in the Metaverse
Lendlease launches its own metaverse in Milan
Lendlease launches its own metaverse in Milan
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.