U-053: Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information

December 7, 2011 - 7:30am

PROBLEM:

Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information.

PLATFORM:

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

ABSTRACT:

Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information.

REFERENCE LINKS:

Red Hat Security Advisory: RHSA-2011:1532-3
SecurityTracker Alert ID: 1026375

IMPACT ASSESSMENT:

Medium

Discussion:

Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets. A remote user on the local network with the ability to conduct a man-in-the-middle attack can impersonate the kdump SSH server to potentially access information in vmcore dumps [CVE-2011-3588].

mkdumprd creates initrd files with world-readable permissions. A local user may be able to obtain information such as the private SSH key used for the kdump server [CVE-2011-3589].

mkdumprd includes sensitive files (e.g., all files from "/root/.ssh/", the host's private SSH keys) in the resulting initrd. If the initrd files were previously created with world-readable permissions, a local user can obtain the sensitive files [CVE-2011-3590].
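
A local check for the permission issue described above, as an added example (not code from Red Hat or from this bulletin). It assumes kdump initrd images are named initrd-<kernel>kdump.img and sit in the directory given as the first argument, typically /boot; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit for the mkdumprd permission issue (CVE-2011-3589/3590).
# Assumption: kdump initrd images are named initrd-<kernel>kdump.img and live
# in the directory passed as $1 (typically /boot on RHEL 6).

# Print every kdump initrd in $1 that has the "other" read bit set.
list_world_readable_kdump_initrd() {
    find "$1" -maxdepth 1 -type f -name 'initrd-*kdump.img' -perm -004 2>/dev/null | sort
}

# Report findings; return 1 if any image is world-readable, 0 otherwise.
audit_kdump_initrd() {
    hits=$(list_world_readable_kdump_initrd "$1")
    if [ -n "$hits" ]; then
        printf 'WORLD-READABLE kdump initrd:\n%s\n' "$hits"
        return 1
    fi
    printf 'OK: no world-readable kdump initrd in %s\n' "$1"
    return 0
}

# Restrict flagged images to owner read/write only.
# This closes read access going forward; it does not undo earlier exposure.
restrict_kdump_initrd() {
    list_world_readable_kdump_initrd "$1" | while IFS= read -r img; do
        chmod 0600 "$img"
    done
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_kdump_initrd "$1"
fi
```

A flagged image means any key material packed into it was readable by local users, which is the exposure the advisory describes.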

Impact:

A remote or local user can obtain potentially sensitive information.

Solution:

Red Hat has issued a fix: kexec-tools Security, Bug Fix, and Enhancement Update.