CVE-2011-3589 - The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-1

CVE-2011-3589

Summary

The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.

References

Vulnerable Configurations

cpe:2.3:a:redhat:kexec-tools:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:kexec-tools:*:*:*:*:*:*:*:*

CVSS

Base:	5.7 (as of 06-03-2014 - 04:32)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:A/AC:M/Au:N/C:C/I:N/A:N

redhat via4

advisories

rhsa
id RHSA-2011:1532
rhsa
id RHSA-2012:0152

rpms

kexec-tools-0:2.0.0-209.el6
kexec-tools-debuginfo-0:2.0.0-209.el6
kexec-tools-0:1.102pre-154.el5
kexec-tools-debuginfo-0:1.102pre-154.el5

refmap via4

confirm

https://bugzilla.redhat.com/show_bug.cgi?id=716439

Last major update

06-03-2014 - 04:32

Published

15-02-2014 - 14:57

Last modified

06-03-2014 - 04:32