Search
Find a vulnerability
Search criteria
4 vulnerabilities by centrify
CVE-2014-7298 (GCVE-0-2014-7298)
Vulnerability from nvd – Published: 2014-10-24 10:00 – Updated: 2024-08-06 12:47
VLAI
EPSS
VEX
Summary
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exploithub.com/centrify-data-leakage.html | x_refsource_MISC |
| http://twitter.com/travemme/statuses/525298393971564544 | x_refsource_MISC |
| http://www.centrify.com/support/announcements.asp… | x_refsource_CONFIRM |
Date Public
2014-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-24T09:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exploithub.com/centrify-data-leakage.html",
"refsource": "MISC",
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"name": "http://twitter.com/travemme/statuses/525298393971564544",
"refsource": "MISC",
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"name": "http://www.centrify.com/support/announcements.asp#20141014",
"refsource": "CONFIRM",
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7298",
"datePublished": "2014-10-24T10:00:00.000Z",
"dateReserved": "2014-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:32.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6348 (GCVE-0-2012-6348)
Vulnerability from nvd – Published: 2013-01-04 21:00 – Updated: 2024-09-16 16:37
VLAI
EPSS
VEX
Summary
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://vapid.dhs.org/exploits/centrify_local_r00t.c | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://vapid.dhs.org/advisories/centrify_deployme… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"name": "http://vapid.dhs.org/exploits/centrify_local_r00t.c",
"refsource": "MISC",
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"name": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html",
"refsource": "MISC",
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6348",
"datePublished": "2013-01-04T21:00:00.000Z",
"dateReserved": "2012-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:37:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7298 (GCVE-0-2014-7298)
Vulnerability from cvelistv5 – Published: 2014-10-24 10:00 – Updated: 2024-08-06 12:47
VLAI
EPSS
VEX
Summary
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exploithub.com/centrify-data-leakage.html | x_refsource_MISC |
| http://twitter.com/travemme/statuses/525298393971564544 | x_refsource_MISC |
| http://www.centrify.com/support/announcements.asp… | x_refsource_CONFIRM |
Date Public
2014-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-24T09:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exploithub.com/centrify-data-leakage.html",
"refsource": "MISC",
"url": "https://exploithub.com/centrify-data-leakage.html"
},
{
"name": "http://twitter.com/travemme/statuses/525298393971564544",
"refsource": "MISC",
"url": "http://twitter.com/travemme/statuses/525298393971564544"
},
{
"name": "http://www.centrify.com/support/announcements.asp#20141014",
"refsource": "CONFIRM",
"url": "http://www.centrify.com/support/announcements.asp#20141014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7298",
"datePublished": "2014-10-24T10:00:00.000Z",
"dateReserved": "2014-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:32.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6348 (GCVE-0-2012-6348)
Vulnerability from cvelistv5 – Published: 2013-01-04 21:00 – Updated: 2024-09-16 16:37
VLAI
EPSS
VEX
Summary
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://vapid.dhs.org/exploits/centrify_local_r00t.c | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://vapid.dhs.org/advisories/centrify_deployme… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121218 Local root exploit for Centrify Deployment Manager \u003c v2.1.0.283 local root",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"
},
{
"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"
},
{
"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"
},
{
"name": "http://vapid.dhs.org/exploits/centrify_local_r00t.c",
"refsource": "MISC",
"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"
},
{
"name": "20121204 Centrify Deployment Manager v2.1.0.283",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"
},
{
"name": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html",
"refsource": "MISC",
"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6348",
"datePublished": "2013-01-04T21:00:00.000Z",
"dateReserved": "2012-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:37:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}