Lucene search
HistoryMar 18, 2008 - 10:44 p.m.
CVE-2008-1383
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Affected configurations
Node
gentoolinux
Related
cve
cve
CVE-2008-1383
2008-03-18 22:44:00
nessus
nessus
GLSA-200803-30 : ssl-cert eclass: Certificate disclosure
2008-03-21 00:00:00
prion
prion
Design/Logic Flaw
2008-03-18 22:44:00
openvas
openvas
Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200803-30 (ssl-cert.eclass)
2008-09-24 00:00:00
gentoo
gentoo
ssl-cert eclass: Certificate disclosure
2008-03-20 00:00:00
seebug
seebug
Gentoo ssl-cert eclassδΏ‘ζ―ζ³ι²ζΌζ΄
2008-03-22 00:00:00
cvelist
cvelist
CVE-2008-1383
2008-03-18 22:00:00
securityvulns
securityvulns
[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure
2008-03-20 00:00:00
Gentoo Linux multiple packages incalid SSL certificates generation
2008-03-20 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2008-1383