Red Hat Customer Portal

Skip to main content

CVE-2011-3588

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.

Details Source

Mitre

Public Date

2011-10-05 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

Bugzilla ID

716 439

CVSS Status

verified

Base Score

5.70

Base Metrics

AV:A/AC:M/Au:N/C:C/I:N/A:N

Acknowledgements

Red Hat would like to thank Kevan Carstensen for reporting this issue.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kexec-tools) RHSA-2012:0152 2012-02-21
Red Hat Enterprise Linux 6 (kexec-tools) RHSA-2011:1532 2011-12-05