Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2012.1705.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2012:1705-1)
Summary:The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2012:1705-1 advisory.
Description:Summary:
The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2012:1705-1 advisory.

Vulnerability Insight:
openCryptoki had insecure lock file handling, which might have allowed local users with pkcs11 privileges to look at other local users pkcs11 credentials.

Some additional small fixes in pkcsslotd were fixed:

* Set pkcsslotd pid to /var/run/pkcsslotd.pid
* Removed spurious '-' before no-header option on ps
* Sending output of pkcs11_startup to syslog via logger

Security Issue references:

* CVE-2012-4454
>
* CVE-2012-4455
>

Affected Software/OS:
'openCryptoki' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP2, SUSE Linux Enterprise Server 11 SP2

Solution:
Please install the updated package(s).

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-4454
BugTraq ID: 55627
http://www.securityfocus.com/bid/55627
https://bugzilla.redhat.com/show_bug.cgi?id=730636
http://sourceforge.net/mailarchive/message.php?msg_id=28878345
http://www.openwall.com/lists/oss-security/2012/09/07/2
http://www.openwall.com/lists/oss-security/2012/09/07/6
http://www.openwall.com/lists/oss-security/2012/09/09/2
http://www.openwall.com/lists/oss-security/2012/09/20/6
http://www.openwall.com/lists/oss-security/2012/09/25/5
http://www.openwall.com/lists/oss-security/2012/09/27/2
http://secunia.com/advisories/50702
XForce ISS Database: opencryptoki-mutliple-symlink(78797)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78797
Common Vulnerability Exposure (CVE) ID: CVE-2012-4455
http://sourceforge.net/mailarchive/message.php?msg_id=29191022
XForce ISS Database: opencryptoki-file-symlink(78943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78943
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.