10 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-3209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by...
RHEL 7 : ldns (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ldns: Memory corruption in ldnsrrnewfrmfpl CVE-2017-1000231 - The ldns-keygen tool in ldns 1.6.x uses the...
RHEL 6 : ldns (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ldns: Memory corruption in ldnsrrnewfrmfpl CVE-2017-1000231 - The ldns-keygen tool in ldns 1.6.x uses the...
Ubuntu: Security Advisory (USN-3491-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3491-1: ldns vulnerabilities
Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-3209 Stephan Zeisberg discovered that ldns incorrectly handled memory...
CVE-2014-3209
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file...
CVE-2014-3209
CVE-2014-3209 affects ldns 1.6.x, specifically the ldns-keygen tool. The root cause is that ldns-keygen uses the current umask to set the privileges of the generated private key, which could allow a local attacker to read the private key file and obtain sensitive material. This is a local, unauth...
Mandriva Linux Security Advisory : ldns (MDVSA-2014:085)
Updated ldns packages fix security vulnerability : ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable CVE-2014-3209. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
MGASA-2014-0212 Updated ldns package fixes CVE-2014-3209
Updated ldns packages fix security vulnerability: ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable CVE-2014-3209...
Updated ldns package fixes CVE-2014-3209
Updated ldns packages fix security vulnerability: ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable CVE-2014-3209...