Vulnerability in Opencryptoki_project Opencryptoki
CVE-2012-4454
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
EPSS: 0.010 (59.4th percentile) — read the EPSS interpretation.
Affected products
- Opencryptoki_project Opencryptoki — versions 2.2.3, 2.2.4, 2.2.4.1
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)