47 matches found
CVE-2013-7366
The SAP Software Deployment Manager SDM, in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications...
Design/Logic Flaw
The SAP Software Deployment Manager SDM, in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications...
CVE-2013-7366
The SAP Software Deployment Manager SDM, in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications...
CVE-2013-7366
The CVE-2013-7366 entry concerns SAP Software Deployment Manager (SDM). In certain unspecified conditions, it allows remote attackers to cause a denial of service via vectors related to failed authentications. Reported impact is a Partial Availability DoS with CVSS v2 base score 5.0 (Network atta...
SAS Integration Technologies Client 9.31_M1 SASspk.dll - Stack Overflow
SAS Integration Technologies Client 9.31M1 SASspk.dll - Stack Overflow !-- SAS Integration Technologies Client 9.31M1 SASspk.dll Stack-based Overflow Vendor: SAS Institute Inc. Product web page: http://www.sas.com Affected version: Deployment Manager 9.3.0.0 Model 12.05, TS1M2 SAS Integration...
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow
!-- SAS Integration Technologies Client 9.31M1 SASspk.dll Stack-based Overflow Vendor: SAS Institute Inc. Product web page: http://www.sas.com Affected version: Deployment Manager 9.3.0.0 Model 12.05, TS1M2 SAS Integration Technologies Client 9.31M1 Summary: SAS Integration Technologies provides...
SAS Integration Technologies Client 9.31_M1 Buffer Overflow
The SASspk module SASspk.dll version 9.310.0.11307, has a function called 'RetrieveBinaryFile' which has one parameter called 'bstrFileName' which takes arguments as strings as defined in the function itself as ISPKBinaryFile from the SASPackageRetrieve library. Stack-based buffer overflow was...
CVE-2012-6348
CVE-2012-6348 affects Centrify Deployment Manager 2.1.0.283 (as distributed in Centrify Suite before 2012.5). Affected component is the use of insecure temporary files that can be targeted via symlink attacks: adcheckDMoutput and centrify.cmd.0. Local attackers can overwrite arbitrary files and, ...
CVE-2012-6348
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to 1 overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or 2 overwrite arbitrary files and consequently gain privileges via a symlink attack on the...
Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root
/Local root exploit for Centrify Deployment Manager v2.1.0.283 local root, Centrify released a fix very quickly - nice vendor response. http://vapid.dhs.org/exploits/centrifylocalr00t.c CVE-2012-6348 12/17/2012 http://vapid.dhs.org/advisories/centrifydeploymentmanagerinsecuretmp2.html Greetings...
Centrify Deployment Manager symbolic links vulnerability
Insecure temporary files creation...
Centrify Deployment Manager 2.1.0.283 Local Root
/Local root exploit for Centrify Deployment Manager v2.1.0.283 local root, Centrify released a fix very quickly - nice vendor response. CVE-2012-6348 12/17/2012 http://vapid.dhs.org/advisories/centrifydeploymentmanagerinsecuretmp2.html Greetings vladz, Thanks for the inotify & syscall technique...
Centrify Deployment Manager v2.1.0.283 local root
Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r-------- 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp...
Centrify Deployment Manager 2.1.0.283 - Local Privilege Escalation
Centrify Deployment Manager 2.1.0.283 - Local Privilege Escalation Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow...
Centrify Deployment Manager v2.1.0.283
Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I was able to overwrite /etc/shadow with the contents of adcheckDMoutput. I am sure there are more vulnerabilities to be exploit, maybe a local root - but being this is a...
Centrify Deployment Manager 2.1.0.283 - Local Privilege Escalation
Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r-------- 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp...
Centrify Deployment Manager 2.1.0.283 Local Root
Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r-------- 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp...
Centrify Deployment Manager 2.1.0.283 Local Root Vulnerability
Centrify Deployment Manager version 2.1.0.283 suffers from a race condition in /tmp that allows for local root privilege escalation. Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files i...
Centrify Deployment Manager v2.1.0.283 File Overwrite Vulnerability
Centrify Deployment Manager v2.1.0.283 version 2.1.0.283 appears to suffer from a root-level file overwrite vulnerability due to an insecure use of /tmp. Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I was able to...
CVE-2010-2625
Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition and Enterprise Edition 07-50 through 07-55, and 07-57 through 07-59; and...