Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

Published

2012-10-10T18:55:04.440

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.9 (LOW)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:N/I:P/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

5.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opencryptoki_project	opencryptoki	≤ 2.4	Yes
Application	opencryptoki_project	opencryptoki	2.2.3	Yes
Application	opencryptoki_project	opencryptoki	2.2.4	Yes
Application	opencryptoki_project	opencryptoki	2.2.4.1	Yes
Application	opencryptoki_project	opencryptoki	2.2.5	Yes
Application	opencryptoki_project	opencryptoki	2.2.6	Yes
Application	opencryptoki_project	opencryptoki	2.2.7	Yes
Application	opencryptoki_project	opencryptoki	2.2.8	Yes
Application	opencryptoki_project	opencryptoki	2.3.0	Yes
Application	opencryptoki_project	opencryptoki	2.3.1	Yes
Application	opencryptoki_project	opencryptoki	2.3.2	Yes
Application	opencryptoki_project	opencryptoki	2.3.3	Yes

References

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9 ([email protected])
http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30 ([email protected])
http://secunia.com/advisories/50702 Vendor Advisory ([email protected])
http://sourceforge.net/mailarchive/message.php?msg_id=28878345 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/07/2 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/07/6 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/09/2 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/20/6 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/25/5 ([email protected])
http://www.openwall.com/lists/oss-security/2012/09/27/2 ([email protected])
http://www.securityfocus.com/bid/55627 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=730636 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/78797 ([email protected])
http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9 (af854a3a-2127-422b-91ae-364da2661108)
http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50702 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/mailarchive/message.php?msg_id=28878345 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/07/2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/07/6 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/09/2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/20/6 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/25/5 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/09/27/2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/55627 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=730636 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78797 (af854a3a-2127-422b-91ae-364da2661108)