CVE-2014-0249
EPSS 0.05%
Description
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
How to fix CVE-2014-0249
To remediate CVE-2014-0249, upgrade the affected package to a fixed version below.
- Debian/sssd—upgrade to 1.11.7-1 or later
Is CVE-2014-0249 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.11.7-1