The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
References
Link | Resource |
---|---|
https://www.suse.com/security/cve/CVE-2011-4190/ | Vendor Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=722440 | Issue Tracking |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-06-08 10:29
Updated : 2019-10-09 16:03
NVD link : CVE-2011-4190
Mitre link : CVE-2011-4190
JSON object : View
CWE
CWE-310
Cryptographic Issues
Products Affected
suse
- suse_linux_enterprise_desktop
- suse_linux_enterprise_server