Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1383

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2008-1383
Last Modified 13 Nov 2008 12:00:00
Published 18 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1383

Summary

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

Vulnerable Systems

Operating System

  • Gentoo Linux


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=174759

XF - gentoo-docert-sslkey-weak-security(41336)

BID - 28350

GENTOO - GLSA-200803-30

SECUNIA - 29436

OSVDB - 43479


Last Updated: 27 May 2016 10:47:08