ByteOS Network

NVD Vulnerability Details :

CVE-2008-1383

Modified

Source-cve@mitre.org

Published At-18 Mar, 2008 | 22:44

Updated At-08 Aug, 2017 | 01:30

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 1.9

Base severity: LOW

Vector:

AV:L/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Gentoo Foundation, Inc.

>>linux>>*

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-310	Primary	nvd@nist.gov

CWE ID: CWE-310

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/43479	cve@mitre.org	N/A
http://secunia.com/advisories/29436	cve@mitre.org	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200803-30.xml	cve@mitre.org	N/A
http://www.securityfocus.com/bid/28350	cve@mitre.org	N/A
https://bugs.gentoo.org/show_bug.cgi?id=174759	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/41336	cve@mitre.org	N/A