openCryptoki 2.4.1 allows local users to create or set world-writable
permissions on arbitrary files via a symlink attack on the (1)
LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
 mdeslaur> 2.4.1 moved lock files from /tmp to /var/lock, but /var/lock is
 mdeslaur> world writable on certain distros, such as Debian and Ubuntu.
 mdeslaur> 2.4.2 moved them to /var/lock/opencryptoki
 mdeslaur> members of the pkcs11 group are considered trusted by upstream
 mdeslaur> and can escalate privileges to root even after the upstream
 mdeslaur> patches. See oss-security discussion.
 mdeslaur> Moving this to /var/lock/opencryptoki makes the problem worse
 mdeslaur> for members of the pkcs11 group as that directory wouldn't be
 mdeslaur> covered by symlink restrictions. Fix shouldn't be applied to
 mdeslaur> natty+
 mdeslaur> Fixing this in lucid would only prevent users who are not in
 mdeslaur> the pkcs11 group from escalating permissions. Since it is likely
 mdeslaur> that local users that have this installed are in that group,
 mdeslaur> this is downgraded to low.
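
The symlink problem described above, as an added example that is not part of this tracker entry and is not openCryptoki's code: a lock-file open that refuses a planted symlink and sets the mode through the descriptor instead of the path. The function names, the `LCK..demo` and `LCK..fresh` file names and the 0660 mode are assumptions chosen for illustration; the scenario runs in a private temporary directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not openCryptoki code: open a lock file in a shared
 * directory without following a planted symlink. Returns fd, or -1. */
int open_lock_safely(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails with ELOOP if the last component is a symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Check the object actually opened: regular file, one link, owned by us.
     * fchmod() then acts on the descriptor, not on a path that can be swapped. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || fchmod(fd, 0660) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp dir: returns 0 when the symlinked
 * lock name is refused, its target keeps mode 0600, and a fresh name works. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/lckdemoXXXXXX", victim[64], lck[64], fresh[64];
    struct stat st;
    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lck, sizeof lck, "%s/LCK..demo", dir);
    snprintf(fresh, sizeof fresh, "%s/LCK..fresh", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || close(vfd) != 0 || symlink(victim, lck) != 0)
        return 2;
    int refused = open_lock_safely(lck) == -1 && errno == ELOOP;
    int intact = stat(victim, &st) == 0 && (st.st_mode & 0777) == 0600;
    int fd = open_lock_safely(fresh);
    int created = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0660;
    if (fd >= 0) close(fd);
    unlink(lck); unlink(victim); unlink(fresh); rmdir(dir);
    return (refused && intact && created) ? 0 : 3;
}

int main(void) { return demo_symlink_refused(); }
```
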
Upstream: released (2.4.2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): ignored (reached end-of-life)
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Upstream:;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30 (pt1)
Upstream:;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9 (pt2)
Upstream:;a=commitdiff;h=8a63b3b17d34718d0f8c7525f93b5eb3c623076a (pt3)
Upstream:;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15 (pt4)

Updated: 2018-01-15 13:15:19 UTC (commit 14005)