Vulnerability Details CVE-2016-4984
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate and the chmod to protect it.
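The create-then-chmod pattern named in the description, next to a race-free form, as an added shell illustration that is not the code of generate-server-cert.sh and not part of this entry. The function names, the 022 umask and the placeholder file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Illustration only: names and file contents are hypothetical and this is
# not the code of generate-server-cert.sh.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Racy pattern: the file is created under the ambient umask and only
# restricted afterwards. Prints the mode the file had during the window
# between creation and chmod.
write_then_chmod() {
    (
        umask 022                      # constructed: a common default umask
        printf '%s\n' "CONSTRUCTED PLACEHOLDER KEY MATERIAL" > "$1"
        mode_of "$1"                   # mode visible to other local users
        chmod 600 "$1"
    )
}

# Race-free pattern: restrict the umask before the file exists, so it is
# never readable by group or other. noclobber (set -C) makes the redirect
# fail if the path already exists instead of writing into it.
write_restricted() {
    (
        umask 077
        set -C
        printf '%s\n' "CONSTRUCTED PLACEHOLDER KEY MATERIAL" > "$1" || exit 1
        mode_of "$1"
    )
}

# Audit helper: succeed only if group and other have no access bits.
is_private() {
    case "$(mode_of "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}
```

`is_private` can be pointed at existing key and certificate files to check their current mode; it does not show whether a file was exposed earlier, during creation.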
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.6%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 1.9
Products affected by CVE-2016-4984
- cpe:2.3:a:openldap:openldap-servers:*
- cpe:2.3:o:redhat:enterprise_linux:5
- cpe:2.3:o:redhat:enterprise_linux:6.0
- cpe:2.3:o:redhat:enterprise_linux:7.0