CVE-2014-3209
Description
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.154
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ldns library for DNS programming (USN-3491-1) libldns1_1.6.17-1ubuntu0.1_i386.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns1_1.6.17-1ubuntu0.1_amd64.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns1_1.6.17-8ubuntu0.1_i386.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns1_1.6.17-8ubuntu0.1_amd64.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns2_1.7.0-1ubuntu1.17.04.1_i386.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns2_1.7.0-1ubuntu1.17.04.1_amd64.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns2_1.7.0-1ubuntu1.17.10.1_i386.deb | Linux |
| ldns library for DNS programming (USN-3491-1) libldns2_1.7.0-1ubuntu1.17.10.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234