{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-04T21:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20121218 Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"}, {"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"}, {"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"}, {"tags": ["x_refsource_MISC"], "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"}, {"tags": ["x_refsource_MISC"], "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20121218 Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"}, {"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"}, {"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"}, {"name": "http://vapid.dhs.org/exploits/centrify_local_r00t.c", "refsource": "MISC", "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"}, {"name": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html", "refsource": "MISC", "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:28:39.705Z"}, "title": "CVE Program Container", "references": [{"name": "20121218 Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"}, {"name": "20121213 Re: Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"}, {"name": "20121207 Centrify Deployment Manager v2.1.0.283 local root", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"}, {"name": "20121204 Centrify Deployment Manager v2.1.0.283", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6348", "datePublished": "2013-01-04T21:00:00.000Z", "dateReserved": "2012-12-13T00:00:00.000Z", "dateUpdated": "2024-09-16T16:37:56.078Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:centrify:centrify_deployment_manager:2.1.0.283:*:*:*:*:*:*:*", "matchCriteriaId": "EBA350D1-C11D-4E2F-97A2-6EE8AD261478", "vulnerable": true}, {"criteria": "cpe:2.3:a:centrify:centrify_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "D94CE798-3856-4DA6-81BA-3BBA1A2CC0A8", "versionEndIncluding": "2012", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."}, {"lang": "es", "value": "Centrify Deployment Manager v2.1.0.283, como las distribuidas en Centrify Suite anteriores a v2012.5, permite a usuarios locales (1) sobrescribir ficheros mediante un ataque de enlaces simb\u00f3licos sobre el fichero temporal adcheckDMoutput, o (2) sobrescribir ficheros y consecuentemente obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el fichero temporal centrify.cmd.0."}], "id": "CVE-2012-6348", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-01-04T21:55:01.883", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"}, {"source": "cve@mitre.org", "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"}, {"source": "cve@mitre.org", "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Centrify had addressed this issue in an update released on Thursday, Dec 13. The Deployment Manager component is updated to 2.1.5 and it is available in the Suite 2012.5 release, which can be downloaded from: http://www.centrify.com/support/downloadcenter.asp.", "lastModified": "2013-02-08T00:00:00", "organization": "Centrify"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}