| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in kdump. This impacts an unknown function of the component Host Key Handler. This manipulation causes cryptographic issue. This vulnerability appears as CVE-2011-4190. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
Details
A vulnerability was found in kdump (version now known). It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component Host Key Handler. The manipulation with an unknown input leads to a cryptographic issue vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
The bug was discovered 02/09/2012. The weakness was presented 06/08/2018 as Bug 722440 as not defined bug report (Bugzilla). The advisory is shared at bugzilla.suse.com. This vulnerability is known as CVE-2011-4190 since 10/25/2011. The attack can be launched remotely. Required for exploitation is a single authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1600 for this issue.
Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- OpenSSH
Product
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.7
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.3
NVD Vector: 🔍
CNA Base Score: 5.9
CNA Vector (SUSE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issueCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
10/25/2011 🔍01/20/2012 🔍
02/09/2012 🔍
06/08/2018 🔍
06/08/2018 🔍
06/09/2018 🔍
03/22/2023 🔍
Sources
Advisory: Bug 722440Status: Not defined
Confirmation: 🔍
CVE: CVE-2011-4190 (🔍)
GCVE (CVE): GCVE-0-2011-4190
GCVE (VulDB): GCVE-100-119293
Entry
Created: 06/09/2018 10:28Updated: 03/22/2023 09:51
Changes: 06/09/2018 10:28 (59), 02/17/2020 15:27 (2), 03/22/2023 09:51 (14)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.