CVE-2014-3209

Name of the Vulnerable Software and Affected Versions ldns versions 1.6.x

Description The issue concerns the ldns-keygen tool in ldns, which uses the current umask to set the privileges of the private key. This might allow local users to obtain the private key by reading the file.

Recommendations For ldns versions 1.6.x, consider changing the file permissions of the private key to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the private key file to minimize the risk of exploitation.