CVE-2011-3589

CWE-3107 documents6 sources
Severity
5.7MEDIUM
EPSS
0.1%
top 67.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Kexec-tools
Timeline
PublishedFeb 15
Latest updateMay 17

Description

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.

CVSS vector

AV:A/AC:M/C:C/I:N/A:NExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

NVDredhat/kexec-tools1.102pre-126+1

🔴Vulnerability Details

2
GHSA
GHSA-r3g9-j8c8-9p7g: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12022-05-17
CVEList
CVE-2011-3589: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12014-02-15

📋Vendor Advisories

2
Red Hat
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-10-05
Debian
CVE-2011-3589: kexec-tools - The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1...2011

💬Community

2
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images [fedora-all]2011-10-05
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-06-24
CVE-2011-3589 (MEDIUM CVSS 5.7) | The Red Hat mkdumprd script for kex | cvebase.io