CVE-2014-3209
EPSS 0.15%
Description
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
How to fix CVE-2014-3209
To remediate CVE-2014-3209, upgrade the affected package to a fixed version below.
- Debian/ldns—upgrade to 1.6.17-4 or later
Is CVE-2014-3209 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6.17-4