CVE-2011-4190

Summary

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).

Affected Software

VendorProductVersion RangeStatus
SUSEkdumpunspecified < 2012-01-20affected

Weaknesses

  • CWE-306: CWE-306

ADP Enrichment

CVE Program Container

Additional References

References