Date: Fri, 20 Jun 2014 15:46:30 +1000
From: Murray McAllister <>
Subject: CVE request: softhsm, softhsm-keyconv tool creates world-readable

Good morning,

As reported in


softhsm-keyconv tool creates world-readable files. Based on the 
description of the tool at [1], my uneducated guess is it would allow an 
unprivileged user to control (if the output file is created in a 
directory they can access) a DNS server via rndc.

Could a CVE be assigned if one has not been already?

The Debian bug also notes a similar issue was fixed in ldns (I've asked 
for more details about that in the bug).



Murray McAllister / Red Hat Product Security
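
The message above reports a key conversion tool writing its output file world-readable. The following is an added illustration, not softhsm's code and not part of the original message: it contrasts a file created through fopen(), whose mode is 0666 masked by the umask, with one created through open() using O_EXCL and an explicit 0600 mode. The function names, the /tmp paths and the sample key string are constructed for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed placeholder, not real key material. */
static const char SAMPLE_KEY[] =
    "-----BEGIN PRIVATE KEY-----\n(constructed sample)\n-----END PRIVATE KEY-----\n";

/* Weak: fopen() creates with 0666 & ~umask, i.e. 0644 under umask 022. */
int write_key_weak(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int rc = (fputs(data, f) == EOF) ? -1 : 0;
    return (fclose(f) != 0) ? -1 : rc;
}

/* Hardened: mode 0600 is applied atomically at creation, and O_EXCL
 * refuses an existing file or a symlink already present at the path. */
int write_key_private(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    size_t len = strlen(data), off = 0;
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0) { close(fd); unlink(path); return -1; }
        off += (size_t)n;
    }
    return close(fd);
}

/* Permission bits of path, or -1 if stat() fails. */
int file_mode(const char *path) {
    struct stat st;
    return (stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    char weak[64], priv[64];
    snprintf(weak, sizeof weak, "/tmp/keyconv-demo-%ld-weak.pem", (long)getpid());
    snprintf(priv, sizeof priv, "/tmp/keyconv-demo-%ld-priv.pem", (long)getpid());
    umask(022); /* common default umask, set explicitly for the demo */
    unlink(weak); unlink(priv);
    if (write_key_weak(weak, SAMPLE_KEY) == 0)
        printf("fopen:       %04o\n", (unsigned)file_mode(weak));
    if (write_key_private(priv, SAMPLE_KEY) == 0)
        printf("open+O_EXCL: %04o\n", (unsigned)file_mode(priv));
    unlink(weak); unlink(priv);
    return 0;
}
```
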
