CVE-2014-0249

CWE-2648 documents7 sources

Severity

3.3LOW

EPSS

0.1%

top 82.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Sssd Redhat Enterprise Linux

Timeline

PublishedJun 11

Latest updateMay 14

Description

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

CVSS vector

AV:L/AC:M/C:P/I:P/A:NExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Debiansssd< 1.11.7-1+3

▶NVDfedoraproject/sssd1.11.6

Also affects: Enterprise Linux 5, 6.0

🔴Vulnerability Details

GHSA

GHSA-2mgv-chq6-566c: The System Security Services Daemon (SSSD) 1↗2022-05-14

▶

OSV

CVE-2014-0249: The System Security Services Daemon (SSSD) 1↗2014-06-11

▶

CVEList

CVE-2014-0249: The System Security Services Daemon (SSSD) 1↗2014-06-11

▶

📋Vendor Advisories

Red Hat

sssd: incorrect expansion of group membership when encountering a non-POSIX group↗2014-05-13

▶

Debian

CVE-2014-0249: sssd - The System Security Services Daemon (SSSD) 1.11.6 does not properly identify gro...↗2014

▶

💬Community

Bugzilla

CVE-2014-0249 sssd: incorrect expansion of group membership when encountering a non-POSIX group [fedora-all]↗2014-05-27

▶

Bugzilla

CVE-2014-0249 sssd: incorrect expansion of group membership when encountering a non-POSIX group↗2014-05-27

▶