Computer Security
[EN] securityvulns.ru no-pyccku


Centrify Deployment Manager symbolic links vulnerability
updated since 09.12.2012
Published:02.01.2013
Source:
SecurityVulns ID:12762
Type:local
Threat Level:
5/10
Description:Insecure temporary files creation.
Affected:CENTRIFY : Centrify Deployment Manager 2.1
CVE:CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.)
Original documentdocumentlarry0_(at)_me.com, Local root exploit for Centrify Deployment Manager < v2.1.0.283 local root (02.01.2013)
 documentlarry0_(at)_me.com, Centrify Deployment Manager v2.1.0.283 local root (11.12.2012)
 documentlarry0_(at)_me.com, Centrify Deployment Manager v2.1.0.283 (09.12.2012)
Files:Local root exploit for Centrify Deployment Manager

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod