Local File Permission Vulnerability in openCryptoki Software by OpenCryptoki
CVE-2012-4454

Currently unrated

Key Information:

Vendor: Opencryptoki Project
Status: Opencryptoki
Vendor: CVE Published:; 10 October 2012

🔔 Create Opencryptoki Project Vulnerability Alert

What is CVE-2012-4454?

The vulnerability in openCryptoki prior to version 2.4.1 allows local users to exploit insecure handling of lock files, specifically .pkapi_xpk and .pkcs11spinloc, located in the /tmp directory. By creating malicious symlinks, an attacker can manipulate permissions and potentially gain unauthorized access to arbitrary files, compromising system integrity.

References

http://www.openwall.com/lists/oss-security/2012/09/09/2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/09/25/5

mailing-listx_refsource_MLIST

http://secunia.com/advisories/50702

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2012
Vulnerability Reserved
Aug 21, 2012

CVE-2012-4454 Data

JSON