CVE-2014-0595 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Open Enterprise Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

2.6LOWNVD

EPSS

0.1%

top 68.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Open Enterprise Server

Timeline

PublishedMay 8

Latest updateMay 13

Description

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.

CVSS vector

AV:L/AC:H/C:P/I:P/A:NExploitability: 1.9 | Impact: 4.9

Affected Packages1 packages

▶NVDnovell/open_enterprise_server11.0

🔴Vulnerability Details

GHSA

GHSA-j29g-jqm4-jj9q: /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array,↗2022-05-13

▶

CVEList

CVE-2014-0595: /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array,↗2014-05-08

▶