CVE-2014-3209

Published: Nov 16, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

Affected (12)

Products: Nlnetlabs: Ldns

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Nlnetlabs Ldns	Version 1.6.0
Nlnetlabs Ldns	Version 1.6.10
Nlnetlabs Ldns	Version 1.6.11
Nlnetlabs Ldns	Version 1.6.1
Nlnetlabs Ldns	Version 1.6.2
Nlnetlabs Ldns	Version 1.6.3
Nlnetlabs Ldns	Version 1.6.4
Nlnetlabs Ldns	Version 1.6.5
Nlnetlabs Ldns	Version 1.6.6
Nlnetlabs Ldns	Version 1.6.7
Nlnetlabs Ldns	Version 1.6.8
Nlnetlabs Ldns	Version 1.6.9

Related CWEs

References (10)

http://www.openwall.com/lists/oss-security/2014/05/03/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/05/05/4

Source: secalert@redhat.com

http://www.securityfocus.com/bid/67200

Source: secalert@redhat.com

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

Source: secalert@redhat.com

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/05/03/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/05/05/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/67200

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.