CVE-2014-0595

Name of the Vulnerable Software and Affected Versions Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2

Description The issue arises from improper management of a certain array by the /opt/novell/ncl/bin/nwrights in Novell Client for Linux. This allows local users to obtain the S permission under specific circumstances, by taking advantage of the granting of the F permission by an administrator.

Recommendations For Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2, consider restricting access to the /opt/novell/ncl/bin/nwrights until a proper fix is available. Additionally, administrators should be cautious when granting the F permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.