漏洞信息详情
openCryptoki 后置链接漏洞
- CNNVD编号:CNNVD-201209-709
- 危害等级: 低危
- CVE编号: CVE-2012-4455
- 漏洞类型: 后置链接
- 发布时间: 2012-09-29
- 威胁类型: 本地
- 更新时间: 2012-10-15
- 厂 商: opencryptoki_project
- 漏洞来源: Niels Heinen
漏洞简介
openCryptoki 2.4.1版本中存在漏洞。本地攻击者可利用该漏洞通过/var/lock/目录下的(1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll文件上的符号链接攻击,创建或设置任意文件为所有人可写权限。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://sourceforge.net/mailarchive/message.php?msg_id=29191022
参考网址
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=730636
来源: XF
名称: opencryptoki-file-symlink(78943)
链接:http://xforce.iss.net/xforce/xfdb/78943
来源: MLIST
名称: [oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/27/2
来源: MLIST
名称: [oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/25/5
来源: MLIST
名称: [oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/20/6
来源: MLIST
名称: [oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/09/2
来源: MLIST
名称: [oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/07/6
来源: MLIST
名称: [oss-security] 20120906 CVE request: opencryptoki insecure lock files handling
链接:http://www.openwall.com/lists/oss-security/2012/09/07/2
来源: MLIST
名称: [Opencryptoki-tech] 20120427 opencryptoki release 2.4.2
链接:http://sourceforge.net/mailarchive/message.php?msg_id=29191022
来源: SECUNIA
名称: 50702
链接:http://secunia.com/advisories/50702
来源: opencryptoki.git.sourceforge.net
链接:http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15
来源: BID
名称: 55627
链接:http://www.securityfocus.com/bid/55627
受影响实体
- Opencryptoki_project Opencryptoki:2.4.1
补丁
- opencryptoki-2.4.2
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论