CVE-2012-4455

2012-10-1000:00:00

ubuntu.com

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

openCryptoki 2.4.1 allows local users to create or set world-writable
permissions on arbitrary files via a symlink attack on the (1)
LCK…opencryptoki or (2) LCK…opencryptoki_stdll file in /var/lock/.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689417>

Notes

Author	Note
mdeslaur	2.4.1 moved lock files from /tmp to /var/lock, but /var/lock is world writable on certain distros, such as debian and ubuntu. 2.4.2 moved them to /var/lock/opencryptoki members of the pkcs11 group are considered trusted by upstream and can escalate privileges to root even after the upstream patches. See oss-security discussion. Moving this to /var/lock/opencryptoki makes the problem worse for members of the pkcs11 group as that directory wouldn’t be covered by symlink restrictions. Fix shouldn’t be applied to natty+ Fixing this in lucid would only prevent users who are not in the pkcs11 group from escalating permissions. Since it is likely that local users that have this installed are in that group, this is downgraded to low.

Author

Note

mdeslaur

2.4.1 moved lock files from /tmp to /var/lock, but /var/lock is world writable on certain distros, such as debian and ubuntu. 2.4.2 moved them to /var/lock/opencryptoki members of the pkcs11 group are considered trusted by upstream and can escalate privileges to root even after the upstream patches. See oss-security discussion. Moving this to /var/lock/opencryptoki makes the problem worse for members of the pkcs11 group as that directory wouldn’t be covered by symlink restrictions. Fix shouldn’t be applied to natty+ Fixing this in lucid would only prevent users who are not in the pkcs11 group from escalating permissions. Since it is likely that local users that have this installed are in that group, this is downgraded to low.