Vulnerability Description
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Linux | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/43479
- http://secunia.com/advisories/29436Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200803-30.xml
- http://www.securityfocus.com/bid/28350
- https://bugs.gentoo.org/show_bug.cgi?id=174759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
- http://osvdb.org/43479
- http://secunia.com/advisories/29436Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200803-30.xml
- http://www.securityfocus.com/bid/28350
- https://bugs.gentoo.org/show_bug.cgi?id=174759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
FAQ
What is CVE-2008-1383?
CVE-2008-1383 is a vulnerability with a CVSS score of 1.9 (LOW). The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes...
How severe is CVE-2008-1383?
CVE-2008-1383 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1383?
Check the references section above for vendor advisories and patch information. Affected products include: Gentoo Linux.