CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3209
https://notcve.org/view.php?id=CVE-2014-3209
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. La herramienta Idns-keygen en Idns 1.6.x utiliza la umask actual para configurar los privilegios de la clave privada, lo que podría permitir a usuarios locales obtener la clave privada mediante la lectura del archivo. • http://www.openwall.com/lists/oss-security/2014/05/03/2 http://www.openwall.com/lists/oss-security/2014/05/05/4 http://www.securityfocus.com/bid/67200 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758 https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 13%CPEs: 26EXPL: 0CVE-2011-3581
https://notcve.org/view.php?id=CVE-2011-3581
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. Desboramiento de buffer basado en memoria dinámica en la función ldns_rr_new_frm_str_internal en ldns antes de v1.6.11, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un Resource Record (RR) con una entrada que contiene un tipo desconocido más largo del tamaño especificado • http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog http://seclists.org/oss-sec/2011/q3/503 http://seclists.org/oss-sec/2011/q3/542 http://secunia.com/advisories&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •