CVE-2008-1383
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-1383
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gentoo ssl-cert eclass信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gentoo Linux是Gentoo基金会的一套开源的Linux系统。 Gentoo Linux的ssl-cert.eclass实现上存在漏洞,本地攻击者可能利用此漏洞非授权获取信息。 在ssl-cert.eclass中,docert函数用于生成SSL密钥和SSL证书。如果在src_compile或src_install中使用了docert函数,SSL密钥就会包含在不受保护的binpkg中,任何可以访问系统的用户都可以解压tarball恢复密钥。如果要利用这个漏洞,攻击者必须能够访问使用--buildp
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-1383
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-1383
请登录查看更多情报信息。
- https://bugs.gentoo.org/show_bug.cgi?id=174759x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2008-1383
Same Patch Batch · n/a · 2008-03-18 · 39 CVEs total
| CVE-2008-0997 | Apple Mac OS AppKit处理PPD文件栈溢出漏洞 | |
| CVE-2008-1000 | Apple Mac OS 服务器目录遍历漏洞 | |
| CVE-2008-0044 | Apple Mac OS AFP客户端 afp:// URL栈溢出漏洞 | |
| CVE-2008-0045 | Apple Mac OS AFP服务器 Kerberos主域名跨域认证漏洞 | |
| CVE-2008-0046 | Apple Mac OS 德语版的应用防火墙为特定服务和应用设置访问漏洞 | |
| CVE-2008-0048 | Apple Mac OS NSDocument API处理文件名栈溢出漏洞 | |
| CVE-2008-0049 | Apple Mac OS NSApplication线程mach端口任意命令执行漏洞 | |
| CVE-2008-0050 | Apple Safari HTTPS代理服务器可能在502 Bad Gateway安全欺骗漏洞 | |
| CVE-2008-0051 | Apple Mac OS CoreFoundation处理整数溢出漏洞 | |
| CVE-2008-0057 | Apple Mac OS 老式序列号格式的解析器多个整数溢出漏洞 | |
| CVE-2008-0999 | Apple Mac OS 磁盘格式(UDF)文件系统意外关闭漏洞 | |
| CVE-2008-1372 | bzip2 'bzlib.c' 未明文件全文溢出漏洞 | |
| CVE-2008-1330 | Novell GroupWise Windows客户端API共享文件夹邮件信息泄露漏洞 | |
| CVE-2008-1369 | Sun SPARC Enterprise T5120 and T5220 Servers 'sshd_config文件'不安全默认配置漏洞 | |
| CVE-2008-1370 | wildmary Yap Blog 'index.php' PHP远程文件包含漏洞 | |
| CVE-2008-1371 | Drake CMS 'install/index.php' 完全路径遍历漏洞 | |
| CVE-2008-0727 | IBM Informix Dynamic Server多个远程溢出漏洞 | |
| CVE-2008-0949 | IBM Informix Dynamic Server 畸形连接请求安全权限漏洞 | |
| CVE-2008-1368 | Microsoft Internet Explorer 代码注入漏洞 | |
| CVE-2008-0988 | Apple Mac OS Libsystem的strnstr strnstr API的字节错误漏洞 |
Showing top 20 of 39 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2008-1383
No comments yet