Computer Security
[EN] securityvulns.ru no-pyccku


Gentoo Linux multiple packages incalid SSL certificates generation
Published:20.03.2008
Source:
SecurityVulns ID:8809
Type:library
Threat Level:
6/10
Description:Certificate may be leaked to public file due to invalid ssl-cert eclass implementation.
CVE:CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.)
Original documentdocumentGENTOO, [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure (20.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod