PROBLEM:
Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information.
PLATFORM:
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
ABSTRACT:
Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information.
REFERENCE LINKS:
Red Hat Security Advisory: RHSA-2011:1532-3
SecurityTracker Alert ID: 1026375
IMPACT ASSESSMENT:
Medium
Discussion:
Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets. A remote user on the local network with the ability to conduct a man-in-the-middle attack can impersonate the kdump SSH server to potentially access information in vmcore dumps [CVE-2011-3588].
mkdumprd creates initrd files with world-readable permissions. A local user may be able to obtain information such as the private SSH key used for the kdump server [CVE-2011-3589].
mkdumprd includes sensitive files (e.g., all files from "/root/.ssh/", the host's private SSH keys) in the resulting initrd. If the initrd files were previously created with world-readable permissions, a local user can obtain the sensitive files [CVE-2011-3590].
Impact:
A remote or local user can obtain potentially sensitive information.
Solution:
Red Hat has issued a fix: kexec-tools Security, Bug Fix, and Enhancement Update.
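The following is an added example, not code from this bulletin or from Red Hat: an audit that reports, for one initrd image, the two conditions described in the Discussion (world-readable permissions, CVE-2011-3589; SSH key material inside the image, CVE-2011-3590). It assumes the image is a gzip-compressed "newc" cpio archive; the function names and the sample image are constructed for illustration.

```python
import gzip, os, stat, tempfile

def pad4(n):
    return (n + 3) & ~3  # newc pads name and data to 4-byte boundaries

def is_sensitive(name):
    # Entries the advisory names: files under /root/.ssh/ and host private keys.
    base = os.path.basename(name)
    return name.lstrip("./").startswith("root/.ssh/") or (
        base.startswith("ssh_host_") and base.endswith("_key"))

def cpio_names(data):
    """Yield entry names from an uncompressed newc (magic 070701) archive."""
    off = 0
    while off + 110 <= len(data):
        hdr = data[off:off + 110]
        if hdr[:6] != b"070701":
            raise ValueError("not a newc cpio header at offset %d" % off)
        filesize, namesize = int(hdr[54:62], 16), int(hdr[94:102], 16)
        name = data[off + 110:off + 109 + namesize].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        yield name
        off = pad4(pad4(off + 110 + namesize) + filesize)

def audit_image(path):
    """Return (world_readable, sensitive_entry_names) for one image file."""
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    with gzip.open(path, "rb") as fh:
        return world_readable, [n for n in cpio_names(fh.read()) if is_sensitive(n)]

def build_sample(path, entries, mode):
    """Write a constructed gzip+newc image so the audit can run offline."""
    blob = b""
    for name, body in entries + [("TRAILER!!!", b"")]:
        raw = name.encode() + b"\0"
        fields = [0, 0o100600, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(raw), 0]
        blob += b"070701" + b"".join(b"%08X" % f for f in fields) + raw
        blob += b"\0" * (pad4(len(blob)) - len(blob)) + body
        blob += b"\0" * (pad4(len(blob)) - len(blob))
    with gzip.open(path, "wb") as fh:
        fh.write(blob)
    os.chmod(path, mode)

if __name__ == "__main__":
    img = os.path.join(tempfile.mkdtemp(), "sample-initrd.img")
    build_sample(img, [("init", b"#!/bin/sh\n"),
                       ("root/.ssh/id_rsa", b"CONSTRUCTED")], 0o644)
    print(audit_image(img))
```

An image that is both world-readable and lists key entries is the combination the advisory describes as exposing the keys to local users.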