CVE-2014-0249: The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which…

low3.3CVSS 3.1

AVLACMAuNCPIPAN

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

Affected

8 ranges

Vendor	Product	Version range	Fixed in
debian	sssd	< sssd 1.11.7-1 (bookworm)	sssd 1.11.7-1 (bookworm)
fedoraproject	sssd	—	—
fedoraproject	sssd	>= 0 < 1.11.7-1	1.11.7-1
fedoraproject	sssd	>= 0 < 1.11.7-1	1.11.7-1
fedoraproject	sssd	>= 0 < 1.11.7-1	1.11.7-1
fedoraproject	sssd	>= 0 < 1.11.7-1	1.11.7-1
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvd3.3LOWAV:L/AC:M/Au:N/C:P/I:P/A:N

osv3.3LOW