CVE-2012-6348

Published Jan 4, 2013

Last updated 12 years ago

Overview

Description: Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 4.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Vendor comments

CentrifyCentrify had addressed this issue in an update released on Thursday, Dec 13. The Deployment Manager component is updated to 2.1.5 and it is available in the Suite 2012.5 release, which can be downloaded from: http://www.centrify.com/support/downloadcenter.asp.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:centrify:centrify_deployment_manager:2.1.0.283:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBA350D1-C11D-4E2F-97A2-6EE8AD261478"
          },
          {
            "criteria": "cpe:2.3:a:centrify:centrify_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D94CE798-3856-4DA6-81BA-3BBA1A2CC0A8",
            "versionEndIncluding": "2012"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References