BID:58618

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

CVE-2013-1867 |

Info

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

Bugtraq ID:	58618
Class:	Design Error
CVE:	CVE-2013-1867
Remote:	No
Local:	Yes
Published:	Mar 20 2013 12:00AM
Updated:	Mar 20 2013 12:00AM
Credit:	Dirk-Willem van Gulik
Vulnerable:	Gemalto Tokend 0

Not Vulnerable:

Discussion

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

Tokend is prone to a vulnerability that allows attackers to create or overwrite arbitrary files on a vulnerable computer.

An attacker can exploit this issue to create or overwrite arbitrary files on the computer running the affected application. This may aid in further attacks.

Exploit / POC

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

An attacker requires physical access to exploit the issue.

Solution / Fix

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Gemalto Tokend CVE-2013-1867 Arbitrary File Creation or Overwrite Vulnerability

References:

CVE-2013-1867: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation (Full Disclosure)
Gemalto Homepage (Gemalto NV)
TokenD Homepage (TokenD)