Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.9
CVE Id CVE-2012-4454
Last Modified 10 Apr 2013 11:30:57
Published 10 Oct 2012 02:55:04
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4454

Summary

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

Vulnerable Systems

Application

  • Opencryptoki Project Opencryptoki 2.2.3

  • Opencryptoki Project Opencryptoki 2.2.4

  • Opencryptoki Project Opencryptoki 2.2.4.1

  • Opencryptoki Project Opencryptoki 2.2.5

  • Opencryptoki Project Opencryptoki 2.2.6

  • Opencryptoki Project Opencryptoki 2.2.7

  • Opencryptoki Project Opencryptoki 2.2.8

  • Opencryptoki Project Opencryptoki 2.3.0

  • Opencryptoki Project Opencryptoki 2.3.1

  • Opencryptoki Project Opencryptoki 2.3.2

  • Opencryptoki Project Opencryptoki 2.3.3

  • Opencryptoki Project Opencryptoki 2.4


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=730636

XF - opencryptoki-mutliple-symlink(78797)

MLIST - [oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120906 CVE request: opencryptoki insecure lock files handling

MLIST - [Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released

SECUNIA - 50702

CONFIRM - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30

CONFIRM - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9

BID - 55627

Related Patches

Novell SUSE 2012:7053 openCryptoki security update for SLES 11 SP2 i586

Novell SUSE 2012:7053 openCryptoki security update for SLES 11 SP2 x86_64


Last Updated: 27 May 2016 11:00:57