When running /usr/libexec/openldap-generate-server-cert.sh, a temporary file with a random name is generated and should be deleted after use. The deletion uses the wrong variable, leaving security-relevant material lying around in an insecure fashion.<br />
<br />
In the trace below you can see the CERT_RANDOM file being generated, but the script then attempts to delete $RANDOM_DATA after use instead. <br />
<br />
This is wrong: it should have been "rm -rf $CERT_RANDOM". <br />
<br />
After the script completes, the file is left behind in /tmp, containing the random bytes used to generate the certificate. This is a security issue even if the file's permissions are restrictive.
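
A minimal reproduction of the defect next to the corrected cleanup pattern, added here as an example; it is not the openldap script itself. Only the variable names CERT_RANDOM and RANDOM_DATA come from the report; the mktemp template, the file contents, the directory argument and the function names are assumed.

```shell
#!/bin/sh
# Added illustration, not the original openldap-generate-server-cert.sh.
# Assumed: mktemp template, 256 bytes of stand-in seed data, function names.

# Reproduces the defect: the temp file is created as $CERT_RANDOM, but the
# cleanup names $RANDOM_DATA, which is never assigned, so nothing is removed.
# Prints the path of the leftover file so a caller can verify it survived.
buggy_generate() {
    dir=${1:-/tmp}
    unset RANDOM_DATA                           # never set in the script, as in the report
    CERT_RANDOM=$(mktemp "$dir/cert-random.XXXXXX") || return 1
    head -c 256 /dev/urandom > "$CERT_RANDOM"   # stand-in for the cert seed material
    # ... certificate generation would consume "$CERT_RANDOM" here ...
    rm -rf $RANDOM_DATA 2>/dev/null || true     # wrong variable: rm gets no operand
    printf '%s\n' "$CERT_RANDOM"
}

# Corrected pattern: clean up the variable that really holds the path, and
# register that cleanup with trap right after mktemp so the file also goes
# away if a later step fails or the script is interrupted. mktemp creates the
# file 0600, but as the report says, that does not make leaving it behind OK.
fixed_generate() {
    dir=${1:-/tmp}
    CERT_RANDOM=$(mktemp "$dir/cert-random.XXXXXX") || return 1
    trap 'rm -f "$CERT_RANDOM"' EXIT INT TERM
    head -c 256 /dev/urandom > "$CERT_RANDOM"
    # ... certificate generation would consume "$CERT_RANDOM" here ...
    rm -f "$CERT_RANDOM"                        # explicit cleanup on the normal path
    trap - EXIT INT TERM
    printf '%s\n' "$CERT_RANDOM"
}

# Audit helper: count leftover seed files matching the template in a
# directory, the kind of check a hardening test can run after the script.
count_leftovers() {
    find "$1" -maxdepth 1 -name 'cert-random.*' -type f 2>/dev/null | wc -l | tr -d ' '
}
```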