Vulnerability Description
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centrify | Directcontrol | 3.0 |
| Centrify | Centrify Suite | 2008 |
Related Weaknesses (CWE)
References
- http://twitter.com/travemme/statuses/525298393971564544
- http://www.centrify.com/support/announcements.asp#20141014
- https://exploithub.com/centrify-data-leakage.html
- http://twitter.com/travemme/statuses/525298393971564544
- http://www.centrify.com/support/announcements.asp#20141014
- https://exploithub.com/centrify-data-leakage.html
FAQ
What is CVE-2014-7298?
CVE-2014-7298 is a vulnerability with a CVSS score of 4.9 (MEDIUM). adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging im...
How severe is CVE-2014-7298?
CVE-2014-7298 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7298?
Check the references section above for vendor advisories and patch information. Affected products include: Centrify Directcontrol, Centrify Centrify Suite.