Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for centrify_suite by centrify

    CVE-2014-7298 (GCVE-0-2014-7298)

    Vulnerability from nvd – Published: 2014-10-24 10:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exploithub.com/centrify-data-leakage.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://twitter.com/travemme/statuses/525298393971564544"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.centrify.com/support/announcements.asp#20141014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-24T09:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exploithub.com/centrify-data-leakage.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://twitter.com/travemme/statuses/525298393971564544"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.centrify.com/support/announcements.asp#20141014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exploithub.com/centrify-data-leakage.html",
                  "refsource": "MISC",
                  "url": "https://exploithub.com/centrify-data-leakage.html"
                },
                {
                  "name": "http://twitter.com/travemme/statuses/525298393971564544",
                  "refsource": "MISC",
                  "url": "http://twitter.com/travemme/statuses/525298393971564544"
                },
                {
                  "name": "http://www.centrify.com/support/announcements.asp#20141014",
                  "refsource": "CONFIRM",
                  "url": "http://www.centrify.com/support/announcements.asp#20141014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7298",
        "datePublished": "2014-10-24T10:00:00.000Z",
        "dateReserved": "2014-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6348 (GCVE-0-2012-6348)

    Vulnerability from nvd – Published: 2013-01-04 21:00 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:39.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
              },
              {
                "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
              },
              {
                "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
              },
              {
                "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
              },
              {
                "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-01-04T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
            },
            {
              "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
            },
            {
              "name": "20121204 Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
            },
            {
              "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
            },
            {
              "name": "20121204 Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6348",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
                },
                {
                  "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
                },
                {
                  "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
                },
                {
                  "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
                },
                {
                  "name": "http://vapid.dhs.org/exploits/centrify_local_r00t.c",
                  "refsource": "MISC",
                  "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
                },
                {
                  "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
                },
                {
                  "name": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html",
                  "refsource": "MISC",
                  "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6348",
        "datePublished": "2013-01-04T21:00:00.000Z",
        "dateReserved": "2012-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:56.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7298 (GCVE-0-2014-7298)

    Vulnerability from cvelistv5 – Published: 2014-10-24 10:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exploithub.com/centrify-data-leakage.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://twitter.com/travemme/statuses/525298393971564544"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.centrify.com/support/announcements.asp#20141014"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-24T09:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exploithub.com/centrify-data-leakage.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://twitter.com/travemme/statuses/525298393971564544"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.centrify.com/support/announcements.asp#20141014"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7298",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exploithub.com/centrify-data-leakage.html",
                  "refsource": "MISC",
                  "url": "https://exploithub.com/centrify-data-leakage.html"
                },
                {
                  "name": "http://twitter.com/travemme/statuses/525298393971564544",
                  "refsource": "MISC",
                  "url": "http://twitter.com/travemme/statuses/525298393971564544"
                },
                {
                  "name": "http://www.centrify.com/support/announcements.asp#20141014",
                  "refsource": "CONFIRM",
                  "url": "http://www.centrify.com/support/announcements.asp#20141014"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7298",
        "datePublished": "2014-10-24T10:00:00.000Z",
        "dateReserved": "2014-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6348 (GCVE-0-2012-6348)

    Vulnerability from cvelistv5 – Published: 2013-01-04 21:00 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:39.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
              },
              {
                "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
              },
              {
                "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
              },
              {
                "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
              },
              {
                "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-01-04T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
            },
            {
              "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
            },
            {
              "name": "20121204 Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
            },
            {
              "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
            },
            {
              "name": "20121204 Centrify Deployment Manager v2.1.0.283",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-6348",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
                },
                {
                  "name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
                },
                {
                  "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
                },
                {
                  "name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
                },
                {
                  "name": "http://vapid.dhs.org/exploits/centrify_local_r00t.c",
                  "refsource": "MISC",
                  "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
                },
                {
                  "name": "20121204 Centrify Deployment Manager v2.1.0.283",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
                },
                {
                  "name": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html",
                  "refsource": "MISC",
                  "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-6348",
        "datePublished": "2013-01-04T21:00:00.000Z",
        "dateReserved": "2012-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:56.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }