PT-2014-5146 · Nlnet+1 · Ldns+1

Published

2014-05-10

Updated

2017-11-22

CVE-2014-3209

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ldns versions 1.6.x

Description The issue concerns the ldns-keygen tool in ldns, which uses the current umask to set the privileges of the private key. This might allow local users to obtain the private key by reading the file.

Recommendations For ldns versions 1.6.x, consider changing the file permissions of the private key to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the private key file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-3209

MGASA-2014-0212

USN-3491-1

Affected Products

Ubuntu

Ldns

PT-2014-5146 · Nlnet+1 · Ldns+1

CVE-2014-3209

Weakness Enumeration

Related Identifiers

Affected Products

References · 25