Vulnerability Description
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Sssd | 1.11.6 |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1101751
- https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1101751
- https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html
FAQ
What is CVE-2014-0249?
CVE-2014-0249 is a vulnerability with a CVSS score of 3.3 (LOW). The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restricti...
How severe is CVE-2014-0249?
CVE-2014-0249 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0249?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Redhat Enterprise Linux.