Lucene search

[email protected]NVD:CVE-2012-6348

HistoryJan 04, 2013 - 9:55 p.m.

CVE-2012-6348

2013-01-0421:55:01

CWE-59

[email protected]

web.nvd.nist.gov

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

Affected configurations

NVD

Node

centrifycentrify_deployment_managerMatch2.1.0.283

centrifycentrify_suiteRange≤2012

References

archives.neohapsis.com/archives/bugtraq/2012-12/0036.html

archives.neohapsis.com/archives/bugtraq/2012-12/0037.html

archives.neohapsis.com/archives/bugtraq/2012-12/0071.html

archives.neohapsis.com/archives/bugtraq/2012-12/0097.html

archives.neohapsis.com/archives/bugtraq/2012-12/0113.html

vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html

vapid.dhs.org/exploits/centrify_local_r00t.c

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2012-6348

cve1 prion1 packetstorm1 securityvulns2 cvelist1