CVE-2012-4454

Published: Oct 10, 2012Modified: Apr 29, 2026

2.9

Vector

AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 5.5 / Impact: 2.9

Source: NVD

Description

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

Affected (12)

Products: Opencryptoki Project: Opencryptoki

Opencryptoki Project

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Opencryptoki Project Opencryptoki	Up to 2.4
Opencryptoki Project Opencryptoki	Version 2.2.3
Opencryptoki Project Opencryptoki	Version 2.2.4.1
Opencryptoki Project Opencryptoki	Version 2.2.4
Opencryptoki Project Opencryptoki	Version 2.2.5
Opencryptoki Project Opencryptoki	Version 2.2.6
Opencryptoki Project Opencryptoki	Version 2.2.7
Opencryptoki Project Opencryptoki	Version 2.2.8
Opencryptoki Project Opencryptoki	Version 2.3.0
Opencryptoki Project Opencryptoki	Version 2.3.1
Opencryptoki Project Opencryptoki	Version 2.3.2
Opencryptoki Project Opencryptoki	Version 2.3.3

Related CWEs

References (26)

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9

Source: secalert@redhat.com

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30

Source: secalert@redhat.com

http://secunia.com/advisories/50702

Source: secalert@redhat.com

Vendor Advisory

http://sourceforge.net/mailarchive/message.php?msg_id=28878345

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/07/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/07/6

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/09/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/20/6

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/25/5

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/27/2

Source: secalert@redhat.com

http://www.securityfocus.com/bid/55627

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=730636

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78797

Source: secalert@redhat.com

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9

Source: af854a3a-2127-422b-91ae-364da2661108

http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/50702

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sourceforge.net/mailarchive/message.php?msg_id=28878345

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/07/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/07/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/09/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/20/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/25/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/27/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55627

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=730636

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78797

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.