CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.7 | $0-$5k | 0.00 |
A vulnerability was found in kdump (version now known). It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component Host Key Handler. The manipulation with an unknown input leads to a cryptographic issues vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
The bug was discovered 02/09/2012. The weakness was presented 06/08/2018 as Bug 722440 as not defined bug report (Bugzilla). The advisory is shared at bugzilla.suse.com. This vulnerability is known as CVE-2011-4190 since 10/25/2011. The attack can be launched remotely. Required for exploitation is a single authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1600 for this issue.
Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
Affected
- OpenSSH
Product
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.3
NVD Vector: 🔍
CNA Base Score: 5.9
CNA Vector (SUSE): 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issuesCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
10/25/2011 🔍01/20/2012 🔍
02/09/2012 🔍
06/08/2018 🔍
06/08/2018 🔍
06/09/2018 🔍
03/22/2023 🔍
Sources
Advisory: Bug 722440Status: Not defined
Confirmation: 🔍
CVE: CVE-2011-4190 (🔍)
Entry
Created: 06/09/2018 10:28Updated: 03/22/2023 09:51
Changes: 06/09/2018 10:28 (59), 02/17/2020 15:27 (2), 03/22/2023 09:51 (14)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.