CVE-2011-4190

CVE-2011-4190 is a medium-severity vulnerability in Suse Suse Linux Enterprise Desktop with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-310.

Key facts

Description

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).

Frequently asked questions

What is CVE-2011-4190?
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).
How severe is CVE-2011-4190?
CVE-2011-4190 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2011-4190 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (51st percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2011-4190?
CVE-2011-4190 primarily affects Suse Suse Linux Enterprise Desktop. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2011-4190?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2011-4190 published?
CVE-2011-4190 was published on 2018-06-08 and last updated on 2026-06-16.

References

Affected products (4)

More vulnerabilities in Suse Suse Linux Enterprise Desktop

All CVEs affecting Suse Suse Linux Enterprise Desktop →

Other CWE-310 (Cryptographic Issues) vulnerabilities

Browse all CWE-310 (Cryptographic Issues) vulnerabilities →