LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

March 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA March 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: kexec-tools on SL5.x i386/x86_64
From:	[log in to unmask]
Reply To:	[log in to unmask]
Date:	Tue, 6 Mar 2012 14:48:49 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (51 lines)

Synopsis:    Moderate: kexec-tools security, bug fix, and enhancement update
Issue Date:  2012-02-21
CVE Numbers: CVE-2011-3588


The kexec-tools package contains the /sbin/kexec binary and utilities that 
together form the user-space component of the kernel's kexec feature. The 
/sbin/kexec binary facilitates a new kernel to boot using the kernel's 
kexec feature either on a normal or a panic reboot. The kexec fastboot 
mechanism allows booting a Linux kernel from the context of an already 
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive 
information, such as the private SSH key used to authenticate to a remote 
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files 
from the "/root/.ssh/" directory and the host's private SSH keys) in the 
resulting initrd. This could lead to an information leak when initrd 
files were previously created with world-readable permissions. Note: With 
this update, only the SSH client configuration, known hosts files, and the 
SSH key configured via the newly introduced sshkey option in 
"/etc/kdump.conf" are included in the initrd. The default is the key 
generated when running the "service kdump propagate" command, 
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

This updated kexec-tools package also includes numerous bug fixes and
enhancements.

All users of kexec-tools are advised to upgrade to this updated package, 
which resolves these security issues, fixes these bugs and adds these 
enhancements.

SL5:
  i386
     kexec-tools-1.102pre-154.el5.i386.rpm
     kexec-tools-debuginfo-1.102pre-154.el5.i386.rpm
  x86_64
     kexec-tools-1.102pre-154.el5.x86_64.rpm
     kexec-tools-debuginfo-1.102pre-154.el5.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV