Описание
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/xenial | not-affected | |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | not-affected | |
| vivid/ubuntu-core | not-affected | |
| wily | not-affected |
Показывать по
Ссылки на источники
EPSS
1.9 Low
CVSS2
4.7 Medium
CVSS3
Связанные уязвимости
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
EPSS
1.9 Low
CVSS2
4.7 Medium
CVSS3