First published: Fri Jun 08 2018(Updated: )
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE SUSE Linux Enterprise Server | =11-sp1 | |
SUSE SUSE Linux Enterprise Server | =11.0-sp1 | |
Suse Suse Linux Enterprise Server | =11-sp1 | |
SUSE SUSE Linux Enterprise Desktop | =11-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-4190 is a vulnerability in the kdump implementation that is specific to SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop.
The severity of CVE-2011-4190 is medium, with a severity value of 5.3.
CVE-2011-4190 affects SUSE Linux Enterprise Server versions 11 and 11.0 SP1.
CVE-2011-4190 affects SUSE Linux Enterprise Desktop version 11 SP1.
You can find more information about CVE-2011-4190 at the following links: 1. [SUSE Security Advisory](https://www.suse.com/security/cve/CVE-2011-4190/) 2. [SUSE Bugzilla](https://bugzilla.suse.com/show_bug.cgi?id=722440)