Vulnerabilities > CVE-2011-4190 - Cryptographic Issues vulnerability in Suse products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

suse

CWE-310

NVD

Published: 2018-06-08

Updated: 2023-11-07

Summary

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).

Vulnerable Configurations

Part	Description	Count
OS	Suse Suse Suse Linux Enterprise Server 11 Suse Suse Linux Enterprise Server 11.0 Suse Suse Linux Enterprise Desktop 11	4

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References