- Description
- Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 4.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:N/I:P/A:P
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
- CentrifyCentrify had addressed this issue in an update released on Thursday, Dec 13. The Deployment Manager component is updated to 2.1.5 and it is available in the Suite 2012.5 release, which can be downloaded from: http://www.centrify.com/support/downloadcenter.asp.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:centrify:centrify_deployment_manager:2.1.0.283:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBA350D1-C11D-4E2F-97A2-6EE8AD261478"
},
{
"criteria": "cpe:2.3:a:centrify:centrify_suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D94CE798-3856-4DA6-81BA-3BBA1A2CC0A8",
"versionEndIncluding": "2012"
}
],
"operator": "OR"
}
]
}
]