Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.2
CVE Id CVE-2012-4455
Last Modified 10 Apr 2013 11:30:57
Published 10 Oct 2012 02:55:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-4455

Summary

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.

Vulnerable Systems

Application

  • Opencryptoki Project Opencryptoki 2.4.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=730636

XF - opencryptoki-file-symlink(78943)

MLIST - [oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling

MLIST - [oss-security] 20120906 CVE request: opencryptoki insecure lock files handling

MLIST - [Opencryptoki-tech] 20120427 opencryptoki release 2.4.2

SECUNIA - 50702

CONFIRM - http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15

BID - 55627

Related Patches

Novell SUSE 2012:7053 openCryptoki security update for SLES 11 SP2 i586

Novell SUSE 2012:7053 openCryptoki security update for SLES 11 SP2 x86_64


Last Updated: 27 May 2016 11:00:56