Local File Permission Vulnerability in openCryptoki by Opencryptoki
CVE-2012-4455

Currently unrated

Key Information:

Vendor: Opencryptoki Project
Status: Opencryptoki
Vendor: CVE Published:; 10 October 2012

🔔 Create Opencryptoki Project Vulnerability Alert

What is CVE-2012-4455?

The vulnerability allows local users to exploit insecure locking mechanisms in openCryptoki 2.4.1. By using a symlink attack, attackers can create or modify world-writable permissions on arbitrary files. This can lead to unauthorized access and manipulation of sensitive data. The issue originates from improper handling of lock files located in /var/lock/, specifically the LCK..opencryptoki or LCK..opencryptoki_stdll files, which could be redirected by attackers to target malicious files.

References

http://www.openwall.com/lists/oss-security/2012/09/09/2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/09/25/5

mailing-listx_refsource_MLIST

http://secunia.com/advisories/50702

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2012
Vulnerability Reserved
Aug 21, 2012

CVE-2012-4455 Data

JSON