PT-2013-1926 · Centrify · Centrify Suite+1

Larry W. Cashdollar

Publicado

2013-01-04

Atualizado

2013-01-08

CVE-2012-6348

CVSS v2.0

3.3

Baixa

Vetor

AV:L/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Centrify Deployment Manager version 2.1.0.283 Centrify Suite versions prior to 2012.5

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file. Additionally, it enables local users to overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

Recommendations For Centrify Deployment Manager version 2.1.0.283, consider updating to a version that is part of Centrify Suite 2012.5 or later. For Centrify Suite versions prior to 2012.5, update to Centrify Suite 2012.5 or later to resolve the issue.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2012-6348

Produtos afetados

Centrify Deployment Manager

Centrify Suite

PT-2013-1926 · Centrify · Centrify Suite+1

CVE-2012-6348

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8