Lucene search
HistoryMar 18, 2008 - 10:44 p.m.
CVE-2008-1383
ssl
key exposure
vulnerability
gentoo linux
cve-2008-1383
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Affected configurations
Node
gentoolinux
| CPE | Name | Operator | Version |
|---|---|---|---|
| gentoo:linux | gentoo linux | eq | * |
Related
nvd
nvd
CVE-2008-1383
2008-03-18 22:44:00
nessus
nessus
GLSA-200803-30 : ssl-cert eclass: Certificate disclosure
2008-03-21 00:00:00
gentoo
gentoo
ssl-cert eclass: Certificate disclosure
2008-03-20 00:00:00
prion
prion
Design/Logic Flaw
2008-03-18 22:44:00
openvas
openvas
Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
2008-09-24 00:00:00
securityvulns
securityvulns
Gentoo Linux multiple packages incalid SSL certificates generation
2008-03-20 00:00:00
[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure
2008-03-20 00:00:00
cvelist
cvelist
CVE-2008-1383
2008-03-18 22:00:00
seebug
seebug
Gentoo ssl-cert eclass信息泄露漏洞
2008-03-22 00:00:00
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2008-1383