CVE-2016-4984

Published Jul 17, 2017

Last updated 6 years ago

Overview

Description
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
Source
secalert@redhat.com
NVD status
Analyzed

Risk scores

CVSS 3.0

Type
Primary
Base score
4.7
Impact score
3.6
Exploitability score
1
Vector string
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
1.9
Impact score
2.9
Exploitability score
3.4
Vector string
AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-362

Social media

Hype score
Not currently trending

Configurations