RSS   Vulnerabilities for 'Openldap-servers'   RSS

2017-07-17
 
CVE-2016-4984

CWE-362
 

 
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.

 

 >>> Vendor: Openldap 2 Products
Openldap
Openldap-servers


Copyright 2024, cxsecurity.com

 

Back to Top