Local SSL Key Exposure in Gentoo Linux's ssl-cert.eclass
CVE-2008-1383

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux
Vendor: CVE Published:; 18 March 2008

What is CVE-2008-1383?

The docert function in the ssl-cert.eclass of Gentoo Linux improperly handles SSL keys during the src_compile or src_install processes. This vulnerability allows local users to access and extract sensitive SSL keys stored within binpkgs, leading to the potential use of identical SSL keys and certificates across multiple systems utilizing the same binpkg. This exposure poses significant risks to system integrity and data security.

References

http://secunia.com/advisories/29436

third-party-advisoryx_refsource_SECUNIA

https://bugs.gentoo.org/show_bug.cgi?id=174759

x_refsource_CONFIRM

http://www.securityfocus.com/bid/28350

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2008
Vulnerability Reserved
Mar 18, 2008