4 matches found
Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
The remote host is missing updates announced in advisory GLSA 200803-30. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo ssl-cert eclass信息泄露漏洞
BUGTRAQ ID: 28350 CVECAN ID: CVE-2008-1383 Gentoo Linux是一套通用的、快捷的、完全免费的Linux版本,面向开发人员和专业网络人员。 Gentoo Linux的ssl-cert.eclass实现上存在漏洞,本地攻击者可能利用此漏洞非授权获取信息。...
CVE-2008-1383
The docert function in ssl-cert.eclass, when used by srccompile or srcinstall on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate...
CVE-2008-1383
CVE-2008-1383 describes a local-privilege disclosure in Gentoo’s ssl-cert.eclass: the docert() function, when invoked during src_compile/src_install, can cause the generated SSL private key to be stored inside pre-built binary packages (binpkgs). This allows a local user to extract the key from b...