Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-3588 | First vendor Publication | 2014-02-15 |
| Vendor | Cve | Last vendor Modification | 2014-03-06 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:A/AC:M/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.7 | Attack Range | Adjacent network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 5.5 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3588 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-09 | Name : RedHat Update for kexec-tools RHSA-2011:1532-03 File : nvt/gb_RHSA-2011_1532-03_kexec-tools.nasl |
| 2012-02-21 | Name : RedHat Update for kexec-tools RHSA-2012:0152-03 File : nvt/gb_RHSA-2012_0152-03_kexec-tools.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78051 | kexec-tools StrictHostKeyChecking SSH-Parameter MitM Weakness kdump Core Fiel... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0152.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_kexec_tools_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_kexec_tools_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0152.nasl - Type : ACT_GATHER_INFO |
| 2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1532.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=716439 |
| REDHAT | http://rhn.redhat.com/errata/RHSA-2011-1532.html http://rhn.redhat.com/errata/RHSA-2012-0152.html |
Alert History
| Date | Informations |
|---|---|
| 2021-04-22 01:20:57 |
|
| 2020-05-23 01:46:42 |
|
| 2020-05-23 00:31:10 |
|
| 2014-03-06 13:21:51 |
|
| 2014-02-18 21:21:00 |
|
| 2014-02-17 11:05:23 |
|
| 2014-02-15 17:18:52 |
|
