CVE-2012-4454
CVE-2012-4454 affects openCryptoki prior to 2.4.1. When using spinlocks, it enables local users to create or set world-writable permissions on arbitrary files via a symlink attack on the files in /tmp named (1) .pkapi_xpk or (2) .pkcs11spinloc. The underlying issue is insecure handling related to...