CVE-2014-0595

Novell Open Enterprise Server - Memory Corruption

Title source: rule

Description

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.

References (3)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00030.html

[Vendor Advisory] http://www.novell.com/support/kb/doc.php?id=7014932

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67144

Scores

EPSS 0.0013

EPSS Percentile 31.7%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

novell/open_enterprise_server

Timeline

Published May 08, 2014

Tracked Since Feb 18, 2026