Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Oct 2011 15:12:39 +0200
From: Jan Lieskovsky <>
        Mitre CVE assign department <>,
        Security Focus Team <>,
        "Steven M. Christey" <>
Subject: CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390
 [was: Re: kexec-tools: Multiple security flaws by management
 of kdump core files and ramdisk images]

Hello vendors,

   1) apologize for capital letters in the subject. Just wanted this
message not to be overlooked, since it's important.

On 10/05/2011 04:34 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
> Kevan Carstensen reported multiple security flaws in kexec-tools,
> details are as follows:
> 1. CVE-2011-3588:
> The default value of "StrictHostKeyChecking=no" has been used for kdump/
> mkdumprd openssh integration. A remote malicious kdump server could use
> this flaw to impersonate the intended, correct kdump server to obtain
> security sensitive information (kdump core files).
> 2. CVE-2011-3589
> mkdumprd utility copied content of certain directories into newly
> created initial ramdisk images, potentially leading to information leak.
> 3. CVE-2011-2390

2) Due to a mistake, an incorrect CVE identifier of CVE-2011-2390 was
used  here / in the previous post. The proper one should be 
CVE-2011-3590, as detailed here:

Since there are some incorrect references present in the public already:

we wanted to kindly ask you to update your entries. CVE-2011-2390 is
NOT the correct one, please use CVE-2011-3590 identifier to reference
the following security flaw:

3. kdump/mkdumprd copies all the .ssh keys of root user on the vmcore
    file. This may include keys which are not-required and may be
    confidential to the root user also.

in the kexec-tools package.

Apologize to all of the affected parties for the inconvenience.

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

> mkdumprd utility created the final initial ramdisk image with
> world-readable permissions, possibly leading to information leak.
> Reference:

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ