Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6348

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2012-6348
Last Modified 08 Jan 2013 12:00:00
Published 04 Jan 2013 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6348

Summary

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

Vulnerable Systems

Application

  • Centrify Deployment Manager 2.1.0.283

  • Centrify Suite 2012


References

MISC - http://vapid.dhs.org/exploits/centrify_local_r00t.c

MISC - http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html

BUGTRAQ - 20121218 Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root

BUGTRAQ - 20121213 Re: Centrify Deployment Manager v2.1.0.283

BUGTRAQ - 20121207 Centrify Deployment Manager v2.1.0.283 local root

BUGTRAQ - 20121204 Centrify Deployment Manager v2.1.0.283


Last Updated: 27 May 2016 11:01:34