Vulnerability CVE-2011-4190


Published: 2018-06-08

Description:
The kdump implementation is missing host key verification in the kdump and mkdumprd OpenSSH integration in versions of kdump prior to 2012-01-20. This is similar to CVE-2011-3588, but differs in that this kdump implementation is specific to SUSE. A malicious remote kdump server could use this flaw to impersonate the correct kdump server and obtain security-sensitive information (kdump core files).

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
SUSE -> Suse linux enterprise desktop 
SUSE -> Suse linux enterprise server 
Opensuse -> Suse linux enterprise desktop 
Opensuse -> Suse linux enterprise server 

 References:
https://bugzilla.suse.com/show_bug.cgi?id=722440
https://www.suse.com/security/cve/CVE-2011-4190/

Copyright 2024, cxsecurity.com
