CVE-2012-6348

high

Description

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

References

http://vapid.dhs.org/exploits/centrify_local_r00t.c

http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html

http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html

http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html

http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html

http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html

http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html

Details

Source: Mitre, NVD

Published: 2013-01-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00047