CVE-2012-4454

2012-10-1000:00:00

ubuntu.com

2.9 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

10.2%

JSON

openCryptoki before 2.4.1, when using spinlocks, allows local users to
create or set world-writable permissions on arbitrary files via a symlink
attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689417>

Notes

Author	Note
mdeslaur	members of the pkcs11 group are considered trusted by upstream and can escalate privileges to root even after the upstream patches. See oss-security discussion. Moving this to /var/lock/opencryptoki makes the problem worse for members of the pkcs11 group as that directory wouldn’t be covered by symlink restrictions. Fix shouldn’t be applied to natty+ Fixing this in lucid would only prevent users who are not in the pkcs11 group from escalating permissions. Since it is likely that local users that have this installed are in that group, this is downgraded to low.

Author

Note

mdeslaur

members of the pkcs11 group are considered trusted by upstream and can escalate privileges to root even after the upstream patches. See oss-security discussion. Moving this to /var/lock/opencryptoki makes the problem worse for members of the pkcs11 group as that directory wouldn’t be covered by symlink restrictions. Fix shouldn’t be applied to natty+ Fixing this in lucid would only prevent users who are not in the pkcs11 group from escalating permissions. Since it is likely that local users that have this installed are in that group, this is downgraded to low.