CVE-2008-1383 Information

Description

The docert function in ssl-cert.eclass when used by src_compile or src_install on Gentoo Linux stores the SSL key in a binpkg which allows local users to extract the key from the binpkg and causes multiple systems that use this binpkg to have the same SSL key and certificate.

Reference

http://osvdb.org/43479 http://secunia.com/advisories/29436 http://security.gentoo.org/glsa/glsa-200803-30.xml http://www.securityfocus.com/bid/28350 https://bugs.gentoo.org/show_bug.cgi?id=174759 https://exchange.xforce.ibmcloud.com/vulnerabilities/41336