Vulnerability Details : CVE-2012-4455
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
Products affected by CVE-2012-4455
- cpe:2.3:a:opencryptoki_project:opencryptoki:2.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4455
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-4455
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
CWE ids for CVE-2012-4455
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4455
- http://sourceforge.net/mailarchive/message.php?msg_id=29191022
  openCryptoki / [Opencryptoki-tech] opencryptoki release 2.4.2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78943
  openCryptoki file symlink CVE-2012-4455 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/09/25/5
  oss-security - Re: CVE request: opencryptoki insecure lock files handling
- http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=5667edb52cd27b7e512f48f823b4bcc6b872ab15
  openCryptoki / None tools
- https://bugzilla.redhat.com/show_bug.cgi?id=730636
  730636 – (CVE-2012-4454, CVE-2012-4455) CVE-2012-4454 CVE-2012-4455 opencryptoki: insecure handling of files in the /tmp directory
- http://www.securityfocus.com/bid/55627
  openCryptoki Multiple Insecure File Creation Vulnerabilities
- http://www.openwall.com/lists/oss-security/2012/09/09/2
  oss-security - Re: CVE request: opencryptoki insecure lock files handling
- http://www.openwall.com/lists/oss-security/2012/09/20/6
  oss-security - Re: CVE request: opencryptoki insecure lock files handling
- http://www.openwall.com/lists/oss-security/2012/09/27/2
  oss-security - Re: CVE request: opencryptoki insecure lock files handling
- http://www.openwall.com/lists/oss-security/2012/09/07/2
  oss-security - CVE request: opencryptoki insecure lock files handling
- http://www.openwall.com/lists/oss-security/2012/09/07/6
  oss-security - Re: CVE request: opencryptoki insecure lock files handling