PT-2012-5411 · Ibm+1 · Opencryptoki+1
Tomas Hoger · Published 2012-10-10 · Updated 2023-02-13
CVE-2012-4455
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
openCryptoki version 2.4.1
Description
The issue allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki stdll file in /var/lock/.
Recommendations
For openCryptoki version 2.4.1, consider restricting access to the /var/lock/ directory to prevent symlink attacks on the LCK..opencryptoki and LCK..opencryptoki stdll files until a patch is available.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Opencryptoki