CVE-2014-3209
Summary
| CVE | CVE-2014-3209 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-11-16 01:59:00 UTC |
| Updated | 2014-11-17 17:06:00 UTC |
| Description | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nlnetlabs | Ldns | 1.6.0 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.1 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.10 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.11 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.2 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.3 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.4 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.5 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.6 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.7 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.8 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.9 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.0 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.1 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.10 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.11 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.2 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.3 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.4 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.5 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.6 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.7 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.8 | All | All | All |
| Application | Nlnetlabs | Ldns | 1.6.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ldns CVE-2014-3209 Local Insecure File Permissions Vulnerability | BID | www.securityfocus.com | |
| oss-security - ldns-keygen creates private key world readable | MLIST | www.openwall.com | |
| Bug 573 – CVE-2014-3209: ldns-keygen should create private key files with stricter permissions | CONFIRM | www.nlnetlabs.nl | |
| #746758 - ldnsutils: CVE-2014-3209: ldns-keygen creates private key world readable - Debian Bug report logs | CONFIRM | bugs.debian.org | |
| oss-security - Re: ldns-keygen creates private key world readable | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.