Lucene search
K

32 matches found

CVE
CVE
added 2014/02/15 11:0 a.m.57 views

CVE-2011-3589

CVE-2011-3589 concerns the kexec-tools mkdumprd script creating world-readable vmcore files, enabling local users to read sensitive content (e.g., root SSH keys) on Red Hat Enterprise Linux. Affected are kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 in RHEL; the issue stems from pe...

5.7CVSS5.6AI score0.00543EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2014/02/15 11:0 a.m.53 views

CVE-2011-3590

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...

5.7CVSS5.8AI score0.00568EPSS
Exploits1
Debian CVE
Debian CVE
added 2014/02/15 11:0 a.m.60 views

CVE-2011-3588

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...

5.7CVSS5.5AI score0.00544EPSS
Exploits1
Debian CVE
Debian CVE
added 2014/02/15 11:0 a.m.48 views

CVE-2011-3589

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...

5.7CVSS5.6AI score0.00543EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2012/02/21 2:20 a.m.8 views

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...

5.7CVSS5.8AI score0.00568EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/02/21 2:20 a.m.5 views

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...

5.7CVSS5.8AI score0.00543EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/02/21 2:20 a.m.6 views

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...

5.7CVSS6.2AI score0.00544EPSS
Exploits1References4
seebug.org
seebug.org
added 2011/12/08 12:0 a.m.28 views

Linux系统kexec-tools "kdump/mkdumprd"信息泄露漏洞

BUGTRAQ ID: 50420 CVE ID: CVE-2011-3590 Linux是自由电脑操作系统。 Linux系统的kdump/mkdumprd工具在实现上存在本地信息泄露漏洞,本地攻击者可利用此漏洞获取敏感信息,例如根用户使用的ssh密钥。 Linux kernel 3.x Linux kernel 2.6.x RedHat Enterprise Linux Workstation 6 RedHat Enterprise Linux Server 6 RedHat Enterprise Linux HPC Node 6 RedHat Enterprise Linux...

5.7CVSS0.4AI score0.00568EPSS
Exploits1
seebug.org
seebug.org
added 2011/12/08 12:0 a.m.30 views

Linux系统kexec-tools mkdumprd工具信息泄露漏洞

BUGTRAQ ID: 50415 CVE ID: CVE-2011-3589 Linux是自由电脑操作系统内核。 Linux系统的mkdumprd工具在实现上存在本地信息泄露漏洞,本地攻击者可利用此漏洞获取敏感信息 Linux kernel 3.x Linux kernel 2.6.x RedHat Enterprise Linux Workstation 6 RedHat Enterprise Linux Server 6 RedHat Enterprise Linux HPC Node 6 RedHat Enterprise Linux Desktop 6 厂商补丁: Linux...

5.7CVSS0.5AI score0.00543EPSS
Exploits1
seebug.org
seebug.org
added 2011/12/08 12:0 a.m.43 views

Linux系统kdump和mkdumprd工具信息泄露漏洞

BUGTRAQ ID: 50416 CVE ID: CVE-2011-3588 Linux是自由电脑操作系统。 Linux系统的kdump和mkdumprd工具在实现上存在远程信息泄露漏洞,远程攻击者可利用此漏洞获取敏感信息 Linux kernel 3.x Linux kernel 2.6.x RedHat Enterprise Linux Workstation 6 RedHat Enterprise Linux Server 6 RedHat Enterprise Linux HPC Node 6 RedHat Enterprise Linux Desktop 6 厂商补丁:...

5.7CVSS0.4AI score0.00544EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2011/12/05 7:54 p.m.3 views

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...

5.7CVSS6.2AI score0.00544EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/12/05 7:54 p.m.3 views

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...

5.7CVSS5.8AI score0.00568EPSS
Exploits1References4
Rows per page
Query Builder