CVE-2014-3209

medium

Description

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

References

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

http://www.securityfocus.com/bid/67200

http://www.openwall.com/lists/oss-security/2014/05/05/4

http://www.openwall.com/lists/oss-security/2014/05/03/2

Details

Source: Mitre, NVD

Published: 2014-11-16

Updated: 2014-11-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics