OES11 SP2 - The 'nwrights' utility also grants the 'S' right when the 'F' right is set - CVE-2014-0595.

  • 7014932
  • 21-Apr-2014
  • 09-Jun-2014

Environment

Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2
Novell Client for Linux

Situation

The 'nwrights' CLI utility is located under '/opt/novell/ncl/bin' and is part of the Novell Client for Linux.

When a user is granted File system rights ('F') using the 'nwrights' utility from the OES11 SP2 shipping code, that user also automatically receives the Supervisor right ('S') on that particular file.

When 'nwrights' is used to set any other rights, such as Read/Write ('RW'), it works as expected and the rights elevation is not observed.

Resolution

The solution to this issue has been released as hot patch: "April 2014 OES11SP2 Hot Patch for NCL"

Cause

An out-of-bounds array access caused a bit outside the array to always be set, producing this behavior whenever File system rights were set.
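The symptom described above is an effective rights mask carrying a bit that was never requested. The following is an added illustration, not Novell's code: a bounds-checked rights-string parser together with a check that flags unrequested Supervisor bits, run over constructed requested/effective pairs. The letter-to-bit assignment is an assumption made for the example.

```c
/* Added example (not Novell code): audit trustee rights masks for an
 * unrequested Supervisor ('S') bit of the kind CVE-2014-0595 produced.
 * The letter-to-bit mapping below is an assumption for illustration. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum {
    R_READ = 1u << 0, R_WRITE = 1u << 1, R_CREATE = 1u << 3, R_ERASE = 1u << 4,
    R_ACCESS = 1u << 5, R_FILESCAN = 1u << 6, R_MODIFY = 1u << 7, R_SUPER = 1u << 8
};

/* Map a rights string such as "RWF" to a mask. Returns 0 on success,
 * -1 on an unknown letter. Every table lookup is bounds-checked. */
int parse_rights(const char *s, uint16_t *mask)
{
    static const char letters[] = "RWCEAFMS";
    static const uint16_t bits[] = { R_READ, R_WRITE, R_CREATE, R_ERASE,
                                     R_ACCESS, R_FILESCAN, R_MODIFY, R_SUPER };
    *mask = 0;
    for (; *s; s++) {
        const char *p = strchr(letters, *s);
        if (!p) return -1;
        size_t idx = (size_t)(p - letters);
        if (idx >= sizeof bits / sizeof bits[0]) return -1; /* never index OOB */
        *mask |= bits[idx];
    }
    return 0;
}

/* Bits present in the effective mask that were never requested. */
uint16_t unrequested_bits(uint16_t requested, uint16_t effective)
{
    return (uint16_t)(effective & ~requested);
}

/* 1 if the effective assignment gained Supervisor without it being requested,
 * 0 if not, -1 if either rights string fails to parse. */
int supervisor_elevated(const char *requested, const char *effective)
{
    uint16_t req, eff;
    if (parse_rights(requested, &req) || parse_rights(effective, &eff)) return -1;
    return (unrequested_bits(req, eff) & R_SUPER) != 0;
}

int main(void)
{
    /* Constructed sample: rights an admin asked for vs. rights that ended up set. */
    const char *asked[] = { "RW", "F", "RWF" }, *got[] = { "RW", "FS", "RWF" };
    for (size_t i = 0; i < 3; i++)
        printf("%-4s -> %-4s %s\n", asked[i], got[i],
               supervisor_elevated(asked[i], got[i]) == 1 ? "SUPERVISOR ELEVATION" : "ok");
    return 0;
}
```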

Additional Information

This security vulnerability has been categorized as CVE-2014-0595.

The problem exists with the Novell Client for Linux (novell-qtgui, novell-qtgui-cli, novell-ui-base) from OES11 SP2 only, and does not exist with the Novell Client for Linux as shipped with SUSE Linux Enterprise Desktop 11 SP3.

The exposed security vulnerability does not exist on OES11 SP1; however, on OES11 SP1 the same operation crashes.