Opencryptoki
Monthly
Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. A patch is available.
openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. A patch is available.
openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.