Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images]
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 10 Oct 2011 15:12:39 +0200


Hello vendors,

  1) apologize for capital letters in the subject. Just wanted this
message not to be overlooked, since it's important.

On 10/05/2011 04:34 AM, Huzaifa Sidhpurwala wrote:
Hi All,

Kevan Carstensen reported multiple security flaws in kexec-tools,
details are as follows:

1. CVE-2011-3588:

The default value of "StrictHostKeyChecking=no" has been used for kdump/
mkdumprd openssh integration. A remote malicious kdump server could use
this flaw to impersonate the intended, correct kdump server to obtain
security sensitive information (kdump core files).

2. CVE-2011-3589

mkdumprd utility copied content of certain directories into newly
created initial ramdisk images, potentially leading to information leak.

3. CVE-2011-2390

2) Due to a mistake, an incorrect CVE identifier of CVE-2011-2390 was
used here / in the previous post. The proper one should be CVE-2011-3590, as detailed here:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=716439#c61

Since there are some incorrect references present in the public already:
[2] http://www.securityfocus.com/bid/49944/info

we wanted to kindly ask you to update your entries. CVE-2011-2390 is
NOT the correct one, please use CVE-2011-3590 identifier to reference
the following security flaw:

3. kdump/mkdumprd copies all the .ssh keys of root user on the vmcore
   file. This may include keys which are not-required and may be
   confidential to the root user also.

in the kexec-tools package.

Apologize to all of the affected parties for the inconvenience.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


mkdumprd utility created the final initial ramdisk image with
world-readable permissions, possibly leading to information leak.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=716439




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]