CVE-2014-3209

EPSS 0.15%
Published 16.11.2014 01:59:03
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Nlnetlabs ≫ Ldns Version1.6.0

Nlnetlabs ≫ Ldns Version1.6.1

Nlnetlabs ≫ Ldns Version1.6.2

Nlnetlabs ≫ Ldns Version1.6.3

Nlnetlabs ≫ Ldns Version1.6.4

Nlnetlabs ≫ Ldns Version1.6.5

Nlnetlabs ≫ Ldns Version1.6.6

Nlnetlabs ≫ Ldns Version1.6.7

Nlnetlabs ≫ Ldns Version1.6.8

Nlnetlabs ≫ Ldns Version1.6.9

Nlnetlabs ≫ Ldns Version1.6.10

Nlnetlabs ≫ Ldns Version1.6.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.368

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

http://www.openwall.com/lists/oss-security/2014/05/03/2

http://www.openwall.com/lists/oss-security/2014/05/05/4

http://www.securityfocus.com/bid/67200

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573

https://nvd.nist.gov/vuln/detail/CVE-2014-3209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3209

EUVD