PT-2018-4039 · Openssh · Kdump

Ludwig Nussel · Published 2018-06-08 · Updated 2019-10-09 · CVE-2011-4190

CVSS v3.1

5.9 Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

kdump versions prior to 2012-01-20

Description

The kdump and mkdumprd OpenSSH integration in kdump does not verify the SSH host key. This could allow a remote malicious kdump server to impersonate the correct kdump server and obtain security-sensitive information, such as kdump core files.

Recommendations

For versions prior to 2012-01-20, update to a version that includes the fix for this issue so that host key verification is properly implemented. As a temporary workaround, consider restricting access to the kdump server to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2011-4190

Affected Products

Kdump