Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1383


Vulnerability Score 1.9 1.9
CVE Id CVE-2008-1383
Last Modified 13 Nov 2008 12:00:00
Published 18 Mar 2008 06:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE



The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

Vulnerable Systems

Operating System

  • Gentoo Linux



XF - gentoo-docert-sslkey-weak-security(41336)

BID - 28350

GENTOO - GLSA-200803-30

SECUNIA - 29436

OSVDB - 43479

Last Updated: 27 May 2016 10:47:08