Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Sep 2012 20:03:20 -0500
From: Raphael Geissert <>
Subject: CVE request: opencryptoki insecure lock files handling


Niels Heinen (Google) discovered that openCryptoki 2.4.0 and older, when 
spinlocks are used, incorrectly handle lock files stored in /tmp. It is 
possible for an attacker to replace the lock files with symlinks and have 
pkcsslotd (or others) fchmod the target of the symlink to make it world-
writable, create arbitrary files, etc.
In response, upstream released 2.4.1[1] which fixed the fchmod issue (commits 
[3] and [4]).
Niels discovered that 2.4.1 still allowed arbitrary files creation by 
following symlinks. Upstream then released 2.4.2[2], fixing this last issue 
(commits [5] and [6]).

Even with the fixes in 2.4.2, members of the pkcs11 group could still use 
symlink attacks. However, as per upstream's documentation, members of such 
group are expected to be trusted[7].

Could CVE ids be assigned?

[1] 2.4.1 announcement:
[2] 2.4.2 announcement:

Raphael Geissert - Debian Developer -

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ