Suse Kdump vulnerabilities
2 known vulnerabilities affecting suse/kdump.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2011-4190 | MEDIUM | CVSS 5.7 | ≥ unspecified, < 2012-01-20 | 2018-06-08
CVE-2011-4190 [MEDIUM] CWE-306 Missing verification of host key for kdump server
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive
Source: cvelistv5
CVE-2011-3588 | MEDIUM | CVSS 5.7 | ≥ unspecified, < 2012-01-20 | 2014-02-15
CVE-2011-3588 [MEDIUM] CWE-310
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arb
Source: nvd