Information Disclosure

2020-04-1001:09:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

21.8%

JSON

kexec-tools is vulnerable to information disclosure. Kdump used the SSH (Secure Shell) “StrictHostKeyChecking=no” option when dumping to SSH targets, causing the target kdump server’s SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.

CPENameOperatorVersion
kexec-toolseq2.0.0__188.el6_1.2
kexec-toolseq1.102pre__77.el5
kexec-toolseq1.102pre__96.el5_5.4
kexec-toolseq2.0.0__188.el6
kexec-toolseq1.102pre__77.el5.3
kexec-toolseq1.102pre__96.el5_5.1
kexec-toolseq1.102pre__126.el5_6.6
kexec-toolseq1.102pre__21.el5_2.2
kexec-toolseq1.102pre__56.el5_3.2
kexec-toolseq1.102pre__126.el5_6.5

Name	Operator	Version
kexec-tools	eq	2.0.0__188.el6_1.2
kexec-tools	eq	1.102pre__77.el5
kexec-tools	eq	1.102pre__96.el5_5.4
kexec-tools	eq	2.0.0__188.el6
kexec-tools	eq	1.102pre__77.el5.3
kexec-tools	eq	1.102pre__96.el5_5.1
kexec-tools	eq	1.102pre__126.el5_6.6
kexec-tools	eq	1.102pre__21.el5_2.2
kexec-tools	eq	1.102pre__56.el5_3.2
kexec-tools	eq	1.102pre__126.el5_6.5