[Secure-testing-team] Bug#746758: ldnsutils: ldsn-keygen creates private key world readable
Jonas Smedegaard
dr at jones.dk
Sat May 3 10:44:18 UTC 2014
Source: ldnsutils
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The ldns-keygen tool creates a keypair, one of which should be kept
private. The tool apparently use default access rights for all files,
leading to the private key being created world readable.
- Jonas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQF8BAEBCgBmBQJTZMh7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3NjQ4ODQwMTIyRTJDNTBFQzUxRDQwRTI0
RUMxQjcyMjM3NEY5QkQ2AAoJEE7BtyI3T5vW+QgIAJdT1+2r/0fOHcL1DXn/JkF+
EccUvBXSNjhnxmWJdmYGwosKzZt6aL4S1vxZPaBvhnINTAy0uDmjt3Ct75nft9GC
1hwYJl3IZRbmmHFadK5a1xKizD/NTz/ndB+fIbR+QjvYdmsUItWKL9226alzrheA
bCDI3RnFFeDFjjGVrxkCXEG59G5ZlWZrD95KhXVcxhM5B6qMZbgM/qU2Pis2eH18
3cz40jPTDAsw238Bvom86d9jX9n/NUJ2xS1GBAxdSt083VuwTivr0cVkE/lbvuA7
FLJiq/gfJXGOE42xXvtmTvsHAsZY8olF4vUSzmfkDODW78bpvzbRIgavxLRGUO8=
=PU+Q
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list