Date: Mon, 10 Oct 2011 15:12:39 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
CC: oss-security@...ts.openwall.com,
        Mitre CVE assign department <cve-assign@...re.org>,
        Security Focus Team <vuldb@...urityfocus.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390
 [was: Re: kexec-tools: Multiple security flaws by management
 of kdump core files and ramdisk images]


Hello vendors,

   1) I apologize for the capital letters in the subject. I just wanted this
message not to be overlooked, since it's important.

On 10/05/2011 04:34 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> Kevan Carstensen reported multiple security flaws in kexec-tools,
> details are as follows:
>
> 1. CVE-2011-3588:
>
> The default value of "StrictHostKeyChecking=no" has been used for kdump/
> mkdumprd openssh integration. A remote malicious kdump server could use
> this flaw to impersonate the intended, correct kdump server to obtain
> security sensitive information (kdump core files).
>
> 2. CVE-2011-3589
>
> mkdumprd utility copied content of certain directories into newly
> created initial ramdisk images, potentially leading to information leak.
>
> 3. CVE-2011-2390

2) Due to a mistake, an incorrect CVE identifier of CVE-2011-2390 was
used here / in the previous post. The proper one should be
CVE-2011-3590, as detailed here:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=716439#c61

Since there are some incorrect references already present in public:
[2] http://www.securityfocus.com/bid/49944/info

we wanted to kindly ask you to update your entries. CVE-2011-2390 is
NOT the correct one, please use CVE-2011-3590 identifier to reference
the following security flaw:

3. kdump/mkdumprd copies all the .ssh keys of the root user on the vmcore
    file. This may include keys which are not required and may also be
    confidential to the root user.

in the kexec-tools package.

Apologies to all of the affected parties for the inconvenience.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

>
> mkdumprd utility created the final initial ramdisk image with
> world-readable permissions, possibly leading to information leak.
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=716439
>
>
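A defender-side check for the three mkdumprd/kdump issues described in this thread (a world-readable initrd, root's .ssh keys copied into the image, and ssh host key checking disabled), added here as an example that is not part of the original post or of kexec-tools. It assumes the initrd is an uncompressed SVR4 "newc" cpio archive with paths relative to the image root and no "./" prefix; the `audit_*`, `newc_*` and `demo` names and the sample file contents are constructed for the example.

```python
import os
import stat

# Reader for the SVR4 "newc" cpio format used by initramfs images (assumption: already gunzipped).
def newc_entries(data):
    pos = 0
    while pos + 110 <= len(data):
        if data[pos:pos + 6] != b"070701":
            raise ValueError("not a newc cpio archive")
        f = [int(data[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name = data[pos + 110:pos + 110 + namesize - 1].decode()
        pos = (pos + 110 + namesize + 3) & ~3      # header+name padded to 4
        if name == "TRAILER!!!":
            return
        yield name, mode, data[pos:pos + size]
        pos = (pos + size + 3) & ~3                # file data padded to 4

def newc_pack(files):
    """Build a constructed newc archive from {name: content} (sample data only)."""
    out = bytearray()
    for name, content in list(files.items()) + [("TRAILER!!!", b"")]:
        nm = name.encode() + b"\0"
        vals = (0, 0o100600, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(nm), 0)
        out += b"070701" + "".join("%08x" % v for v in vals).encode() + nm
        out += b"\0" * (-len(out) % 4) + content
        out += b"\0" * (-len(out) % 4)
    return bytes(out)

def audit_initrd(data, image_mode):
    findings = []
    if image_mode & stat.S_IROTH:                  # initrd readable by any local user
        findings.append("image is world-readable")
    for name, _mode, content in newc_entries(data):
        if name.startswith("root/.ssh/") and not name.endswith("known_hosts"):
            findings.append("root ssh key copied into image: " + name)
        if b"StrictHostKeyChecking=no" in content:
            findings.append("host key checking disabled in " + name)
    return findings

def audit_file(path):
    with open(path, "rb") as fh:
        return audit_initrd(fh.read(), os.stat(path).st_mode)

def demo(hardened=False):
    files = {  # constructed sample content, not a real kdump initrd
        "root/.ssh/known_hosts": b"kdump.example ssh-rsa PLACEHOLDER\n",
        "etc/kdump-ssh.conf": b"StrictHostKeyChecking=" + (b"yes" if hardened else b"no")}
    if not hardened:
        files["root/.ssh/id_rsa"] = b"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
    return audit_initrd(newc_pack(files), 0o100600 if hardened else 0o100644)
```

`demo()` reports all three findings for the weak sample and `demo(hardened=True)` reports none; `audit_file()` runs the same checks against a gunzipped image on disk.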
