CVE-2012-6348

{"id": "CVE-2012-6348", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-04T21:55:01.883", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0036.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0037.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0071.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0097.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0113.html", "source": "cve@mitre.org"}, {"url": "http://vapid.dhs.org/advisories/centrify_deployment_manager_insecure_tmp2.html", "source": "cve@mitre.org"}, {"url": "http://vapid.dhs.org/exploits/centrify_local_r00t.c", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file."}, {"lang": "es", "value": "Centrify Deployment Manager v2.1.0.283, como las distribuidas en Centrify Suite anteriores a v2012.5, permite a usuarios locales (1) sobrescribir ficheros mediante un ataque de enlaces simb\u00f3licos sobre el fichero temporal adcheckDMoutput, o (2) sobrescribir ficheros y consecuentemente obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el fichero temporal centrify.cmd.0."}], "lastModified": "2013-01-08T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:centrify:centrify_deployment_manager:2.1.0.283:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA350D1-C11D-4E2F-97A2-6EE8AD261478"}, {"criteria": "cpe:2.3:a:centrify:centrify_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D94CE798-3856-4DA6-81BA-3BBA1A2CC0A8", "versionEndIncluding": "2012"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Centrify had addressed this issue in an update released on Thursday, Dec 13. The Deployment Manager component is updated to 2.1.5 and it is available in the Suite 2012.5 release, which can be downloaded from: http://www.centrify.com/support/downloadcenter.asp.", "lastModified": "2013-02-08T00:00:00", "organization": "Centrify"}], "sourceIdentifier": "cve@mitre.org"}