2 matches found
CVE-2012-4454
CVE-2012-4454 affects openCryptoki prior to 2.4.1. When using spinlocks, it enables local users to create or set world-writable permissions on arbitrary files via a symlink attack on the files in /tmp named (1) .pkapi_xpk or (2) .pkcs11spinloc. The underlying issue is insecure handling related to...
CVE-2012-4455
CVE-2012-4455 affects openCryptoki 2.4.1. Local users can create or set world-writable permissions on arbitrary files via a symlink attack on the /var/lock directory (LCK..opencryptoki or LCK..opencryptoki_stdll). This is a local-privilege and file-permission manipulation issue with CVSS v2 base ...