VDB
CVE-2008-1383
CVE-2008-1383
PUBLISHED
CVSS 1.899999976158142 LOW
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
EPSS 0.03% · 10.4th percentile
Risk Scores
CVSS 2.0
1.899999976158142
EPSS Score
0.03%
10.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gentoo | linux |
Timeline
- Mar 18, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://www.securityfocus.com/bid/28350 url
- 29436 third-party-advisory
- https://bugs.gentoo.org/show_bug.cgi?id=174759 url
- gentoo-docert-sslkey-weak-security(41336) vdb
- 43479 vdb
- GLSA-200803-30 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-1383 advisory