Buffer overflow in Novell Open_enterprise_server

CVE-2014-0595

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by lev…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (26.3th percentile) — read the EPSS interpretation.

Affected products

Novell Open_enterprise_server — versions 11.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)