CVE-2012-4454

Published Oct 10, 2012

Last updated 2 years ago

Overview

Description: openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.9
Impact score: 2.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3141BA60-33AD-4301-B2BE-3E2F82AB37CA",
            "versionEndIncluding": "2.4"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E26F9198-85C8-41F2-AF3F-B704B85AB8A5"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "726C625D-9403-4CAC-9F16-9D37311A45BD"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02DD567D-157C-4DBD-86C7-D6AC211FAFF9"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9B190B6-C2F7-4CCA-9907-D899C7B1AACD"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED42A7F7-9DA4-449D-9A8E-53BAEDB8BCBD"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7294BF8E-62EE-404A-BC23-AE8F59B66667"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5DDE745-9CBE-4C82-A8B1-BAFFADE1ADB5"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A4F69A1-94EA-4B22-977D-BDCA6751D639"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDAFF947-93EA-4C3A-B84B-C1D2B41F2F97"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD1FFBD7-0793-478A-AD50-64BD50848021"
          },
          {
            "criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6440C3E5-C1D5-49BF-8EE1-C60E3C231DBA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References