CVE-2021-20269 – kexec-tools: incorrect permissions on kdump dmesg file
https://notcve.org/view.php?id=CVE-2021-20269
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. • https://bugzilla.redhat.com/show_bug.cgi?id=1934261 https://access.redhat.com/security/cve/CVE-2021-20269 • CWE-276: Incorrect Default Permissions
CVE-2015-0267 – kexec-tools: insecure use of /tmp/*$$* filenames
https://notcve.org/view.php?id=CVE-2015-0267
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. • http://rhn.redhat.com/errata/RHSA-2015-0986.html http://www.securityfocus.com/bid/74622 https://access.redhat.com/security/cve/CVE-2015-0267 https://bugzilla.redhat.com/show_bug.cgi?id=1191575 • CWE-377: Insecure Temporary File
CVE-2011-3589 – kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
https://notcve.org/view.php?id=CVE-2011-3589
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. • http://rhn.redhat.com/errata/RHSA-2011-1532.html http://rhn.redhat.com/errata/RHSA-2012-0152.html https://bugzilla.redhat.com/show_bug.cgi?id=716439 https://access.redhat.com/security/cve/CVE-2011-3589 • CWE-310: Cryptographic Issues
CVE-2011-3588 – kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
https://notcve.org/view.php?id=CVE-2011-3588
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. • http://rhn.redhat.com/errata/RHSA-2011-1532.html http://rhn.redhat.com/errata/RHSA-2012-0152.html https://bugzilla.redhat.com/show_bug.cgi?id=716439 https://access.redhat.com/security/cve/CVE-2011-3588 • CWE-310: Cryptographic Issues
CVE-2011-3590 – kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
https://notcve.org/view.php?id=CVE-2011-3590
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. • http://rhn.redhat.com/errata/RHSA-2011-1532.html http://rhn.redhat.com/errata/RHSA-2012-0152.html https://bugzilla.redhat.com/show_bug.cgi?id=716439 https://access.redhat.com/security/cve/CVE-2011-3590 • CWE-310: Cryptographic Issues