Published: 16/11/2014 Updated: 17/11/2014

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nlnetlabs ldns 1.6.11
nlnetlabs ldns 1.6.3
nlnetlabs ldns 1.6.8
nlnetlabs ldns 1.6.0
nlnetlabs ldns 1.6.1
nlnetlabs ldns 1.6.4
nlnetlabs ldns 1.6.5
nlnetlabs ldns 1.6.6
nlnetlabs ldns 1.6.7
nlnetlabs ldns 1.6.10
nlnetlabs ldns 1.6.2
nlnetlabs ldns 1.6.9

Several security issues were fixed in ldns ...

Debian Bug report logs - #752092 softhsm-keyconv creates security-sensibe file world-readable Package: softhsm; Maintainer for softhsm is Debian DNS Team <team+dns@trackerdebianorg>; Source for softhsm is src:softhsm2 (PTS, buildd, popcon) Reported by: Jonas Smedegaard <dr@jonesdk> Date: Thu, 19 Jun 2014 14:54:07 ...

Debian Bug report logs - #746758 ldnsutils: CVE-2014-3209: ldns-keygen creates private key world readable Package: src:ldns; Maintainer for src:ldns is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Jonas Smedegaard <dr@jonesdk> Date: Sat, 3 May 2014 10:45:02 UTC Severity: important Tags: security Fou ...

The ldns-keygen tool in ldns 16x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file ...

CWE-264 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758 http://www.openwall.com/lists/oss-security/2014/05/05/4 http://www.securityfocus.com/bid/67200 http://www.openwall.com/lists/oss-security/2014/05/03/2 https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573 https://usn.ubuntu.com/3491-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-3209

CVE-2014-3209

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect