Weak Permissions for TLS Certificate in openldap-servers' generate-server-cert.sh Script

Weak Permissions for TLS Certificate in openldap-servers' generate-server-cert.sh Script

CVE-2016-4984 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.

Learn more about our Cis Benchmark Audit For Server Software.