
CVE-2011-3588

Published: 15/02/2014 Updated: 06/03/2014
CVSS v2 Base Score: 5.7 | Impact Score: 6.9 | Exploitability Score: 5.5
VMScore: 507
Vector: AV:A/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x packages prior to 1.102pre-154 and 2.x packages prior to 2.0.0-209 in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option. This allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.

Vulnerable Product

redhat kexec-tools

Vendor Advisories

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update | Type/Severity: Security Advisory: Moderate | Topic: An updated kexec-tools package that resolves three security issues, fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security R ...
Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update | Type/Severity: Security Advisory: Moderate | Topic: An updated kexec-tools package that fixes three security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has r ...