CVE-2012-6348

Centrify Deployment Manager 2.1.0.283 - Arbitrary File Write via Symlink Attack on Temporary Files

Title source: llm

Description

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

References (7)

Core 7

Core References

Various Sources x_refsource_misc

http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html

Various Sources x_refsource_misc

http://vapid.dhs.org/exploits/centrify_local_r00t.c

Scores

EPSS 0.0031

EPSS Percentile 22.9%

Details

CWE

CWE-59

Status published

Products (2)

centrify/centrify_deployment_manager 2.1.0.283

centrify/centrify_suite < 2012

Published Jan 04, 2013

Tracked Since Feb 18, 2026