Upstream information

CVE-2014-3209 at MITRE


The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 876311 [ASSIGNED]

No SUSE Security Announcements cross referenced.