Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: kexec-tools on SL5.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 6th March 2012 20:48:49 UTC (over 4 years ago)
Synopsis:    Moderate: kexec-tools security, bug fix, and enhancement
update
Issue Date:  2012-02-21
CVE Numbers: CVE-2011-3588


The kexec-tools package contains the /sbin/kexec binary and utilities that 
together form the user-space component of the kernel's kexec feature. The 
/sbin/kexec binary facilitates a new kernel to boot using the kernel's 
kexec feature either on a normal or a panic reboot. The kexec fastboot 
mechanism allows booting a Linux kernel from the context of an already 
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive 
information, such as the private SSH key used to authenticate to a remote 
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files 
from the "/root/.ssh/" directory and the host's private SSH keys) in the 
resulting initrd. This could lead to an information leak when initrd 
files were previously created with world-readable permissions. Note: With 
this update, only the SSH client configuration, known hosts files, and the 
SSH key configured via the newly introduced sshkey option in 
"/etc/kdump.conf" are included in the initrd. The default is the key 
generated when running the "service kdump propagate" command, 
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

This updated kexec-tools package also includes numerous bug fixes and
enhancements.

All users of kexec-tools are advised to upgrade to this updated package, 
which resolves these security issues, fixes these bugs and adds these 
enhancements.

SL5:
  i386
     kexec-tools-1.102pre-154.el5.i386.rpm
     kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm
  x86_64
     kexec-tools-1.102pre-154.el5.x86_64.rpm
     kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

- Scientific Linux Development Team
 
CD: 3ms