exploitDog

CVE-2011-4190

Published: 08 Jun 2018
Source: nvd
CVSS3: 5.9
CVSS3: 5.3
CVSS2: 3.5
EPSS: Low

Description

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:sap_aio:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp1:*:*:ltss:*:*:*

EPSS

Percentile: 44%
0.00218
Low

5.9 Medium

CVSS3

5.3 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-306
CWE-310

Related vulnerabilities

CVSS3: 5.3
github
more than 3 years ago

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).