CVE-2011-4190
Missing verification of host key for kdump server
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
La implementación kdump carece de la verificación de clave host en la integración OpenSSH de kdump y mkdumprd de kdump en versiones anteriores al 2012-01-20. Esto es similar a CVE-2011-3588, pero se diferencian en que la implementación de kdump es específica de SUSE. Un servidor kdump malicioso remoto podría emplear este error para suplantar el servidor kdump correcto y obtener información sensible para la seguridad (archivos core de kdump).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-10-25 CVE Reserved
- 2018-06-08 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=722440 | X_refsource_confirm | |
| https://www.suse.com/security/cve/CVE-2011-4190 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Suse Search vendor "Suse" | Suse Linux Enterprise Desktop Search vendor "Suse" for product "Suse Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | sp1, sap_aio |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0" | sp1, ltss |
Affected
| ||||||