Announcement Announcement Module
Collapse
No announcement yet.
Novell Open Enterprise Server Novell Client for Linux nwrights Utility Vulnerability Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Novell Open Enterprise Server Novell Client for Linux nwrights Utility Vulnerability

    Novell Open Enterprise Server (OES) Novell Client for Linux nwrights Utility Vulnerability


    Severity Rating: Medium

    Systems Affected
    • Novell Open Enterprise Server (OES ) 11.x

    Overview
    A vulnerability has been reported in Novell Open Enterprise Server (OES) nwrights utility which could allow local attacker to bypass certain security restrictions of application.

    Description

    The vulnerability is due to a boundary error when setting file system rights via the nwrights utility.
    A local attacker could exploit this vulnerability by setting File system rights ('F') using 'nwrights' utility from OES11 SP2 shipping code , which leads to the Supervisor right ('S') being granted automatically to a
    particular user, results bypassing certain security restrictions of application.

    Note:

    This vulnerability exists with the Novell Client for Linux from OES11 SP2 only.

    Solution:

    Apply appropriate patch mentioned here "April 2014 OES11SP2 Hot Patch for NCL"

    Vendor Information

    Novell
    http://www.novell.com/support/kb/doc.php?id=7014932


    References
    Secunia
    http://secunia.com/advisories/58169/

    Secure List
    http://www.securelist.com/en/advisories/58169
Tag Cloud Tag Cloud Module
Collapse
Working...
X