Opencryptoki
CVE-2012-4454
LOW
Severity by source
AV:A/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:A/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
AnalysisAI
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc. Rated low severity (CVSS 2.9). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. Affected products include: Opencryptoki Project Opencryptoki. Version information: before 2.4.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Opencryptoki
View allopenCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-wri
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER deco
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attac
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 pad
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today