CVE-2011-3590

CWE-3107 documents6 sources
Severity
5.7MEDIUM
EPSS
0.2%
top 62.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Kexec-tools
Timeline
PublishedFeb 15
Latest updateMay 17

Description

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.

CVSS vector

AV:A/AC:M/C:C/I:N/A:NExploitability: 5.5 | Impact: 6.9

Affected Packages1 packages

NVDredhat/kexec-tools1.102pre-126+1

🔴Vulnerability Details

2
GHSA
GHSA-22w6-gp78-84rc: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12022-05-17
CVEList
CVE-2011-3590: The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 12014-02-15

📋Vendor Advisories

2
Red Hat
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-10-05
Debian
CVE-2011-3590: kexec-tools - The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1...2011

💬Community

2
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images [fedora-all]2011-10-05
Bugzilla
CVE-2011-3588 CVE-2011-3589 CVE-2011-3590 kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images2011-06-24
CVE-2011-3590 (MEDIUM CVSS 5.7) | The Red Hat mkdumprd script for kex | cvebase.io