Filtered by vendor Redhat
Subscriptions
Filtered by product Kexec-tools
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0267 | 1 Redhat | 2 Enterprise Linux, Kexec-tools | 2024-11-21 | N/A |
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
CVE-2011-3590 | 1 Redhat | 2 Enterprise Linux, Kexec-tools | 2024-11-21 | N/A |
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. | ||||
CVE-2011-3589 | 1 Redhat | 2 Enterprise Linux, Kexec-tools | 2024-11-21 | N/A |
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. | ||||
CVE-2011-3588 | 1 Redhat | 2 Enterprise Linux, Kexec-tools | 2024-11-21 | N/A |
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. |
Page 1 of 1.