ssl-cert eclass: Certificate disclosure

🗓️ 20 Mar 2008 00:00:00Reported by Gentoo FoundationType

ssl-cert eclass: Certificate disclosure. Local and remote attackers can recover SSL keys from binary packages. Upgrade packages and use different Certificate Authority for generating SSL keys

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the Gentoo Linux operating system allows a malicious individual to compromise the confidentiality of protected information.	28 Apr 201500:00	–	bdu_fstec
CVE	CVE-2008-1383	18 Mar 200822:00	–	cve
Cvelist	CVE-2008-1383	18 Mar 200822:00	–	cvelist
EUVD	EUVD-2008-1390	7 Oct 202500:30	–	euvd
Tenable Nessus	GLSA-200803-30 : ssl-cert eclass: Certificate disclosure	21 Mar 200800:00	–	nessus
NVD	CVE-2008-1383	18 Mar 200822:44	–	nvd
OpenVAS	Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)	24 Sep 200800:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)	24 Sep 200800:00	–	openvas
Prion	Design/Logic Flaw	18 Mar 200822:44	–	prion
securityvulns	[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure	20 Mar 200800:00	–	securityvulns

OS	OS Version	Architecture	Package	Package Version	Filename
Gentoo	any	all	app-admin/conserver	8.1.16	UNKNOWN
Gentoo	any	all	mail-mta/postfix	2.4.6-r2	UNKNOWN
Gentoo	any	all	net-ftp/netkit-ftpd	0.17-r7	UNKNOWN
Gentoo	any	all	net-im/ejabberd	1.1.3	UNKNOWN
Gentoo	any	all	net-irc/unrealircd	3.2.7-r2	UNKNOWN
Gentoo	any	all	net-mail/cyrus-imapd	2.3.9-r1	UNKNOWN
Gentoo	any	all	net-mail/dovecot	1.0.10	UNKNOWN
Gentoo	any	all	net-misc/stunnel	4.21-r1	UNKNOWN
Gentoo	any	all	net-nntp/inn	2.4.3-r1	UNKNOWN

20 Mar 2008 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 21.9

EPSS0.00212