CVE-2012-4455

Published: Oct 10, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

50702

third-party-advisory

x_refsource_SECUNIA

55627

vdb-entry

x_refsource_BID

[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

opencryptoki-file-symlink(78943)

vdb-entry

x_refsource_XF

[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=730636

x_refsource_MISC

[Opencryptoki-tech] 20120427 opencryptoki release 2.4.2

mailing-list

x_refsource_MLIST

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=5667edb52cd27b7e512f48f823b4bcc6b872ab15

x_refsource_CONFIRM

[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-4455

Description

Affected Products

References