|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2012:1705-1)|
|Summary:||The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2012:1705-1 advisory.|
The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2012:1705-1 advisory.
openCryptoki had insecure lock file handling, which might have allowed local users with pkcs11 privileges to look at other local users pkcs11 credentials.
Some additional small fixes in pkcsslotd were fixed:
* Set pkcsslotd pid to /var/run/pkcsslotd.pid
* Removed spurious '-' before no-header option on ps
* Sending output of pkcs11_startup to syslog via logger
Security Issue references:
'openCryptoki' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP2, SUSE Linux Enterprise Server 11 SP2
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2012-4454|
BugTraq ID: 55627
XForce ISS Database: opencryptoki-mutliple-symlink(78797)
Common Vulnerability Exposure (CVE) ID: CVE-2012-4455
XForce ISS Database: opencryptoki-file-symlink(78943)
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.