CVE-2014-3209CVE-2014-3209

Affected configuration(s):

cpe:/a:nlnetlabs:ldns:1.6.0
cpe:/a:nlnetlabs:ldns:1.6.1
cpe:/a:nlnetlabs:ldns:1.6.2
cpe:/a:nlnetlabs:ldns:1.6.3
cpe:/a:nlnetlabs:ldns:1.6.4
cpe:/a:nlnetlabs:ldns:1.6.5
cpe:/a:nlnetlabs:ldns:1.6.6
cpe:/a:nlnetlabs:ldns:1.6.7
cpe:/a:nlnetlabs:ldns:1.6.8
cpe:/a:nlnetlabs:ldns:1.6.9
cpe:/a:nlnetlabs:ldns:1.6.10
cpe:/a:nlnetlabs:ldns:1.6.11

Date published: 2014-11-15T20:59:03.163-05:00

Date last modified: 2014-11-17T12:06:37.827-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://www.openwall.com/lists/oss-security/2014/05/03/2

Summary: The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.