PT-2014-3555 · Red Hat+2 · Sssd+2

Published: 2014-06-11 · Updated: 2024-06-15 · CVE-2014-0249

CVSS v2.0: 3.3 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SSSD version 1.11.6

Description

The issue arises from the System Security Services Daemon (SSSD) not properly identifying group membership when a non-POSIX group is in a group membership chain. This allows local users to bypass access restrictions.

Recommendations

For SSSD version 1.11.6, update to a version that properly handles group membership to prevent access restriction bypass.

Fix


Weakness Enumeration

Related Identifiers

ALT-PU-2014-1995
CVE-2014-0249
OPENSUSE-SU-2024:10427-1
SUSE-SU-2016:2579-1
SUSE-SU-2016_2579-1

Affected Products

Alt Linux
Sssd
Suse