Ldns
CVE-2014-3209
LOW
Severity by source
AV:L/AC:L/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
AnalysisAI
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Affected products include: Nlnetlabs Ldns.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical sever
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical severity
Off-path DNS response spoofing in NLnet Labs ldns 1.2.0 through 1.9.0 allows remote attackers to inject forged answers i
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today