oss-sec mailing list archives
Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files
From: Murray McAllister <mmcallis () redhat com>
Date: Fri, 20 Jun 2014 16:15:14 +1000
On 06/20/2014 04:02 PM, Salvatore Bonaccorso wrote:
Hello Murray, (keeping the Cc on the bureport to answer this also there): On Fri, Jun 20, 2014 at 03:46:30PM +1000, Murray McAllister wrote: [...]The Debian bug also notes a similar issue was fixed in ldns - I've asked for more details about that in the bug).This should be CVE-2014-3209 (dns-keygen generates keys with world readable permissions ). Regards, Salvatore
Thanks! Regarding the rndc impact I noted, it seems the softhsm-keyconv is dnssec related, not the type of keys you would use in a rndc.key file... -- Murray McAllister / Red Hat Product Security
Current thread:
- CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister (Jun 19)
- Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Salvatore Bonaccorso (Jun 19)
- Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister (Jun 19)
- Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Salvatore Bonaccorso (Jun 19)