SuSE 11.2 Security Update : openCryptoki (SAT Patch Number 7053)

openCryptoki had insecure lock file handling, which might have allowed local users with pkcs11 privileges to look at other local users pkcs11 credentials. Some additional small fixes in pkcsslotd were fixed : - Set pkcsslotd pid to /var/run/pkcsslotd.pid - Removed spurious '-' before no-header...

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

DEBIAN-CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

DEBIAN-CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

Code injection

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

Code injection

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

CVE-2012-4454

CVE-2012-4454 affects openCryptoki prior to 2.4.1. When using spinlocks, it enables local users to create or set world-writable permissions on arbitrary files via a symlink attack on the files in /tmp named (1) .pkapi_xpk or (2) .pkcs11spinloc. The underlying issue is insecure handling related to...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

CVE-2012-4455

CVE-2012-4455 affects openCryptoki 2.4.1. Local users can create or set world-writable permissions on arbitrary files via a symlink attack on the /var/lock directory (LCK..opencryptoki or LCK..opencryptoki_stdll). This is a local-privilege and file-permission manipulation issue with CVSS v2 base ...

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

CVE-2012-4455

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptokistdll file in /var/lock/...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

PT-2012-5411 · Ibm +1 · Opencryptoki +1

Name of the Vulnerable Software and Affected Versions: openCryptoki version 2.4.1 Description: The issue allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 LCK..opencryptoki or 2 LCK..opencryptoki stdll file in /var/lock/...

PT-2012-5410 · Opencryptoki +1 · Opencryptoki +1

Name of the Vulnerable Software and Affected Versions: openCryptoki versions prior to 2.4.1 Description: The issue allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the .pkapi xpk or .pkcs11spinloc file in /tmp. This is possible when using...

SuSE 10 Security Update : openCryptoki (ZYPP Patch Number 4244)

The openCryptoki crypto framework package has been updated to fix a incorrect crypto initialisation which leads to weak IV initial vectors. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...