CVE-2014-3209

Related Files

Ubuntu Security Notice USN-3491-1

Posted Nov 24, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3491-1 - Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2014-3209, CVE-2017-1000231, CVE-2017-1000232

SHA-256 | 1f311bb1d4ebdc7d627517a3a683c40f3782cb8d4c3d2424ac495863d19a2821

Download | Favorite | View

Mandriva Linux Security Advisory 2014-085

Posted May 12, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-085 - ldns-keygen creates a private key with the default permissions according to the users umask, which in most cases will cause the private key to be world-readable.

tags | advisory

systems | linux, mandriva

advisories | CVE-2014-3209

SHA-256 | 1382b581142ae375a156aac473c1a0184a11b3ba3effde06fb79be4a6d4e5528

Download | Favorite | View