CVE-2011-2390

Published: 5 October 2011

The default value of "StrictHostKeyChecking=no" has been used for kdump/ mkdumprd openssh integration. A remote malicious kdump server could use this flaw to impersonate the intended, correct kdump server to obtain security sensitive information (kdump core files).

Priority

Status

Package	Release	Status
kexec-tools Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Ignored (end of life)
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2011-2390
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=716439

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›