CVE-2012-3504 Information

Description

The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the \list\ file in the current working directory.

Reference

http://www.openwall.com/lists/oss-security/2012/10/02/3 http://www.securityfocus.com/bid/55756 https://bugzilla.redhat.com/show_bug.cgi?id=849256 https://exchange.xforce.ibmcloud.com/vulnerabilities/79016