REDHAT-BUG-730636
First published: Mon Aug 15 2011(Updated: )
opencryptoki, when compiled with -DSPINXPL (as it is in Red Hat Enterprise Linux and Fedora), creates certain dot files in the /tmp directory, such as .pkapi_xpk and .pkcs11spinloc. These are not temporary files and are rather used for locking purposes. They are created in a way that allows symlink attacks. As files are opened RDWR, and not written to, they don't seem to allow file corruption as typical symlink attacks do. It is still possible to create new files at arbitrary locations (e.g. /etc/nologin) or make arbitrary file world writable (e.g. /etc/shadow) with the privileges of the user running pkcsslotd or an application using opencrpytoki library. Attacker does not need to be a member of the pkcs11 group, though symlinks would usually need to be created before the first use of the opencryptoki on the system.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opencryptoki | ||
| Opencryptoki |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/p/opencryptoki/opencryptoki/ci/58345488c9351d9be9a4be27c8b407c2706a33a9
- http://sourceforge.net/p/opencryptoki/opencryptoki/ci/b7fcb3eb0319183348f1f4fb90ede4edd6487c30
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730636#c2
- http://sourceforge.net/p/opencryptoki/opencryptoki/ci/5834548
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730636#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730635
- http://thread.gmane.org/gmane.comp.security.oss.general/8334
- https://access.redhat.com/security/cve/CVE-2012-4454
- http://thread.gmane.org/gmane.comp.security.oss.general/8334/focus=8509
- https://access.redhat.com/security/cve/CVE-2012-4455
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=730636#c6
- http://sourceforge.net/p/opencryptoki/opencryptoki/ci/8a63b3b17d34718d0f8c7525f93b5eb3c623076a
- https://rhn.redhat.com/errata/RHBA-2013-1592.html
- https://bugzilla.redhat.com/show_bug.cgi?id=730636
Frequently Asked Questions
What is the severity of REDHAT-BUG-730636?
The severity of REDHAT-BUG-730636 is classified as moderate due to the potential for file-related vulnerabilities in opencryptoki.
How do I fix REDHAT-BUG-730636?
To fix REDHAT-BUG-730636, ensure that opencryptoki is updated to the latest version where this issue is addressed.
What systems are affected by REDHAT-BUG-730636?
REDHAT-BUG-730636 affects Red Hat Enterprise Linux and Fedora systems running opencryptoki compiled with -DSPINXPL.
What kind of files does REDHAT-BUG-730636 create in the /tmp directory?
REDHAT-BUG-730636 creates locking dot files like .pkapi_xpk and .pkcs11spinloc in the /tmp directory.
Is the creation of dot files in /tmp a security risk in REDHAT-BUG-730636?
Yes, the creation of these dot files in /tmp can pose a security risk, particularly if exploited through symlink attacks.
- collector/redhat-bugzilla
- alias/CVE-2012-4454
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/opencryptoki
- vendor/fedora