Описание
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| hardy | not-affected | code not present |
| lucid | not-affected | code not present |
| maverick | not-affected | code not present |
| natty | not-affected | code not present |
| oneiric | not-affected | code not present |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
5.7 Medium
CVSS2
Связанные уязвимости
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
ELSA-2012-0152: kexec-tools security, bug fix, and enhancement update (MODERATE)
EPSS
5.7 Medium
CVSS2