Opencryptoki
CVE-2012-4455
MEDIUM
Severity by source
AV:L/AC:H/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:H/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
AnalysisAI
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in. Rated medium severity (CVSS 6.2). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-59. openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. Affected products include: Opencryptoki Project Opencryptoki.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Opencryptoki
View allopenCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-wri
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER deco
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 pad
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbit
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today