CVE-2011-3588

CWE-3107 documents6 sources
Severity
5.7MEDIUM
EPSS
0.2%
top 62.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse KdumpRedhat Kexec-tools
Timeline
PublishedFeb 15
Latest updateMay 17

Description

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.

CVSS vector

AV:A/AC:M/C:C/I:N/A:NExploitability: 5.5 | Impact: 6.9

Affected Packages2 packages

NVDredhat/kexec-tools1.102pre-126+1
CVEListV5suse/kdumpunspecified2012-01-20

🔴Vulnerability Details

2
GHSA
GHSA-26mg-g7xm-c7ph: The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12022-05-17
CVEList
CVE-2011-3588: The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12014-02-15

📋Vendor Advisories

2
Red Hat
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-10-05
Debian
CVE-2011-3588: kexec-tools - The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distrib...2011

💬Community

2
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images [fedora-all]2011-10-05
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-06-24
CVE-2011-3588 (MEDIUM CVSS 5.7) | The SSH configuration in the Red Ha | cvebase.io