Gentoo Linux multiple packages incalid SSL certificates generation
Published:		20.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8809
Type:		library
Level:		6/10
Description:		Certificate may be leaked to public file due to invalid ssl-cert eclass implementation.

CVE:

CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.)

Original document

GENTOO, [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure (20.03.2008)

Discuss:

Read or add your comments to this news (1 comments)