sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - | |
References | () https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory | |
References | () https://www.debian.org/security/2023/dsa-5586 - | |
References | () https://www.openssh.com/security.html - Vendor Advisory | |
References | () https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory | |
References | () https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | () https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory | |
References | () https://www.tenable.com/plugins/nessus/154174 - |
26 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References |
|
|
25 Oct 2022, 16:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory | |
CPE | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:* |
11 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:* |
|
CWE | ||
References |
|
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2021, 22:37
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:* |
14 Oct 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Oct 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2021, 14:46
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.0 |
03 Oct 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Oct 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Oct 2021, 19:13
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
CPE | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory | |
References | (MISC) https://www.openssh.com/security.html - Vendor Advisory | |
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory | |
CWE | CWE-269 |
27 Sep 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Sep 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-26 19:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41617
Mitre link : CVE-2021-41617
CVE.ORG link : CVE-2021-41617
JSON object : View
Products Affected
fedoraproject
- fedora
netapp
- ontap_select_deploy_administration_utility
- solidfire
- aff_a250_firmware
- aff_a250
- aff_500f_firmware
- clustered_data_ontap
- active_iq_unified_manager
- aff_500f
- hci_management_node
oracle
- http_server
- zfs_storage_appliance_kit
openbsd
- openssh
starwindsoftware
- starwind_virtual_san
CWE