Security Advisory: Dell Foundation Services Remote Information Disclosure (II)
Round two three four!
Dell Foundation Services starts an HTTPd that listens on port 7779. The previous service tag leak was fixed by removing the JSONP API.
However, the webservice in question is still available; it is now a SOAP service, and all methods of that webservice can be accessed, not just the ServiceTag method.
One of the methods accessible is List GetWmiCollection(string wmiQuery) - this returns the results of a given Windows Management Instrumentation (WMI) query, enabling access to information about hardware, installed software, running processes, installed services, accessible hard disks, filesystem metadata (filenames, file size, dates) and more.
So yeah, they've made it worse. Figured people here would like to know.
More: http://lizardhq.org/2015/12/01/dell-foundation-services.2.html
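A defender-side check for the listener described in the post, as an added example that is not part of the original post or of Dell's software: it parses Windows `netstat -ano` output for TCP listeners on port 7779 and reports the owning PID and whether the socket is bound to loopback only. The sample output is constructed, the function names are hypothetical, and the English-locale column layout of `netstat` is assumed.

```python
"""Find TCP listeners on port 7779 in Windows `netstat -ano` output."""
import ipaddress
import subprocess
import sys

DFS_PORT = 7779  # port named in the advisory

# Constructed sample, not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7779           0.0.0.0:0              LISTENING       2516
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     4120
  TCP    [::]:7779              [::]:0                 LISTENING       2516
  UDP    0.0.0.0:5353           *:*                                    1820
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:7779' or '[::]:7779' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)  # drop brackets and zone id

def find_listeners(netstat_text, port=DFS_PORT):
    """Return sorted (address, pid, exposure) tuples for TCP listeners on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, local_port = split_endpoint(fields[1])
        if local_port != port:
            continue
        # Any non-loopback bind is reachable from the network unless a host
        # firewall rule blocks the port.
        loopback = ipaddress.ip_address(addr).is_loopback
        found.add((addr, int(fields[4]), "loopback-only" if loopback else "network-reachable"))
    return sorted(found)

if __name__ == "__main__":
    # With --live, inspect this machine instead of the constructed sample.
    live = "--live" in sys.argv
    text = (subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
            if live else SAMPLE_NETSTAT)
    hits = find_listeners(text)
    for addr, pid, exposure in hits:
        print(f"TCP {addr}:{DFS_PORT} pid={pid} {exposure}")
    if not hits:
        print(f"nothing listening on TCP {DFS_PORT}")
```

The reported PID can be matched against the process list to confirm which installed program owns the listener before removing it.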
Comments
What servers would this be on? iDRAC?
Ah, I should've been clearer about that, I guess. The issues with Dell Foundation Services have been found on laptops - I don't know whether it affects servers at all. It's the same class of issues as the two rogue certificates and the service tag leak.
Great. My server is also a Dell one on Windows. iDRAC6 is beneath Windows.
Thanks for the clarification, I don't personally have any Dell laptops so I don't think I am affected. "yeah!"
Fuck
I'm more concerned about the complete lack of information about "Dell Foundation Services" both on Dell's website and Google in general. I found a thread about people asking what it was on Dell's forums, and through piecing together a bunch of posts from people essentially reverse engineering some things, I was able to figure out it doesn't appear to be server related and is limited to Windows OSes. Thanks Dell! Love your servers but hate your (lack of) documentation!
If you've used an image provided by Dell or their automatic driver installation program, you're infected with the described malware.
Who doesn't rip all this crap out of the OS immediately after setup?
Will re-install OS on a Dell lappie asap. Thx!
Some shit (like the SSL certificate provided by Superfish malware or eDellRoot malware) will be left behind if the host program is installed.
First step when buying a new computer with OEM Windows installed is always formatting it (and removing any vendor partitions) and installing a proper Windows or Linux.
This is why you don't just run Windows ...
Oh dear, I agree with @singsing on something.
Can you give an example of how to use this?
wmic('','');
An example with 127.0.0.1? Want to try this out on my friend's IP and freak him out :P