openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
https://exchange.xforce.ibmcloud.com/vulnerabilities/78797
https://bugzilla.redhat.com/show_bug.cgi?id=730636
http://www.securityfocus.com/bid/55627
http://www.openwall.com/lists/oss-security/2012/09/27/2
http://www.openwall.com/lists/oss-security/2012/09/25/5
http://www.openwall.com/lists/oss-security/2012/09/20/6
http://www.openwall.com/lists/oss-security/2012/09/09/2
http://www.openwall.com/lists/oss-security/2012/09/07/6
http://www.openwall.com/lists/oss-security/2012/09/07/2
http://sourceforge.net/mailarchive/message.php?msg_id=28878345