Vulnerability in Fedoraproject Sssd

CVE-2014-0249

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.

EPSS: 0.003 (26.0th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject Sssd — versions 1.11.6
Redhat Enterprise_linux — versions 5, 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)