Vulnerability Details CVE-2008-1383
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.5%
CVSS Severity
CVSS v2 Score 1.9
References
- http://osvdb.org/43479
- http://secunia.com/advisories/29436
- http://security.gentoo.org/glsa/glsa-200803-30.xml
- http://www.securityfocus.com/bid/28350
- https://bugs.gentoo.org/show_bug.cgi?id=174759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
- http://osvdb.org/43479
- http://secunia.com/advisories/29436
- http://security.gentoo.org/glsa/glsa-200803-30.xml
- http://www.securityfocus.com/bid/28350
- https://bugs.gentoo.org/show_bug.cgi?id=174759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
Products affected by CVE-2008-1383
-
cpe:2.3:o:gentoo:linux:-
-
cpe:2.3:o:gentoo:linux:1.2
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:gentoo:linux:2.1.30
-
cpe:2.3:o:gentoo:linux:2.2.28
-
cpe:2.3:o:gentoo:linux:2.3.30