17 matches found
EUVD-2016-6694
Malware in sbrugna...
EUVD-2011-3551
Malware in sbrugna...
EUVD-2011-3550
Malware in sbrugna...
Oracle Linux 6 : kexec-tools (ELSA-2011-1532)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2011-1532 advisory. 2.0.0-209.0.1.el6 - Make sure '--allow-missing' is effective by adding to MKDUMPRDARGS in kdump.sysconfig, kdump.sysconfig.i386, and...
SUSE CVE-2016-5759
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...
Code injection
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...
CVE-2016-5759
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...
CVE-2016-5759
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...
CVE-2011-3589
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...
Code injection
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...
CVE-2011-3588
CVE-2011-3588 relates to the kexec-tools/mkdumprd OpenSSH integration where the SSH option StrictHostKeyChecking is disabled in affected Red Hat kdump tooling (kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209). This enables a man-in-the-middle to spoof the kdump server and exfiltrate...
CVE-2011-3588
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...
CVE-2011-3589
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...
CVE-2011-3590
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...