Skip to main content

Open Enterprise Server CVE-2014-0595

LOW
Buffer Overflow (CWE-119)
2014-05-08 cve@mitre.org
2.6
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.6 LOW
AV:L/AC:H/Au:N/C:P/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:H/Au:N/C:P/I:P/A:N
Attack Vector
Local
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
May 08, 2014 - 10:55 cve.org
LOW 2.6

DescriptionCVE.org

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.

AnalysisAI

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S. Rated low severity (CVSS 2.6). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. Affected products include: Novell Open Enterprise Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Share

CVE-2014-0595 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy