CVE-2008-1383

EUVD-2008-1390
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
gentoolinux
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/43479
http://secunia.com/advisories/29436
http://security.gentoo.org/glsa/glsa-200803-30.xml
http://www.securityfocus.com/bid/28350
https://bugs.gentoo.org/show_bug.cgi?id=174759
https://exchange.xforce.ibmcloud.com/vulnerabilities/41336
http://osvdb.org/43479
http://secunia.com/advisories/29436
http://security.gentoo.org/glsa/glsa-200803-30.xml
http://www.securityfocus.com/bid/28350
https://bugs.gentoo.org/show_bug.cgi?id=174759
https://exchange.xforce.ibmcloud.com/vulnerabilities/41336