Linux kexec Bugs Let Local and Remote Users Obtain Potentially Sensitive Information .
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
Several vulnerabilities were reported in Linux kexec. A remote or local user can obtain potentially sensitive information.
Kdump uses the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets. A remote user on the local network with the ability to conduct a man-in-the-middle attack can impersonate the kdump SSH server to potentially access information in vmcore dumps [CVE-2011-3588].
mkdumprd creates initrd files with world-readable permissions. A local user may be able to obtain information such as the private SSH key used for the kdump server[CVE-2011-3589] .
mkdumprd includes sensitive files (e.g., all files from "/root/.ssh/", the host's private SSH keys) in the resulting initrd. If the initrd files were previously created with world-readable permissions, a local user can obtain the sensitive files [CVE-2011-3590].
A remote or local user can obtain potentially sensitive information.
Red Hat has issued a fix. kexec-tools Security, Bug Fix, and Enhancement Update