CVE-2014-0595
SUSE Linux Enterprise Desktop 11 SP3
CVE-2014-0595, security advisory, novell, suse linux, suse, security, cve

CVE-2014-0595

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0595 at MITRE

Description

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.64
Vector AV:L/AC:H/Au:N/C:P/I:P/A:N
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 872796 [REOPENED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • novell-qtgui >= 3.0.0-0.20.1
  • novell-qtgui-cli >= 3.0.0-0.20.1
  • novell-ui-base >= 3.0.0-0.10.1
Patchnames:
sledsp3-novell-ui-201405
SUSE Linux Enterprise Desktop 11 SP3
  • novell-qtgui >= 3.0.0-0.20.1
  • novell-qtgui-cli >= 3.0.0-0.20.1
  • novell-ui-base >= 3.0.0-0.10.1
Builds
SAT Patch Nr: 9276