CVE-2014-7298

Published: Oct 24, 2014Modified: May 6, 2026

4.9

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 3.9 / Impact: 6.9

Source: NVD

Description

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

Affected (6)

Products: Centrify: Directcontrol, Centrify Suite

Centrify

2 products

Directcontrol

Centrify Suite

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Centrify Directcontrol	Version 3.0
Centrify Directcontrol	Version 4.2.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Centrify Centrify Suite	Version 2008
Centrify Centrify Suite	Version 2012.5
Centrify Centrify Suite	Version 2012
Centrify Centrify Suite	Version 2014.1

Related CWEs

CWE-264

References (6)

http://twitter.com/travemme/statuses/525298393971564544

Source: cve@mitre.org

http://www.centrify.com/support/announcements.asp#20141014

Source: cve@mitre.org

https://exploithub.com/centrify-data-leakage.html

Source: cve@mitre.org

http://twitter.com/travemme/statuses/525298393971564544

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.centrify.com/support/announcements.asp#20141014

Source: af854a3a-2127-422b-91ae-364da2661108

https://exploithub.com/centrify-data-leakage.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.