CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1190975 Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/ Third Party Advisory
https://www.debian.org/security/2023/dsa-5586
https://www.openssh.com/security.html Vendor Advisory
https://www.openssh.com/txt/release-8.8 Release Notes Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/09/26/1 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220805-0001/ Third Party Advisory
https://www.tenable.com/plugins/nessus/154174
https://bugzilla.suse.com/show_bug.cgi?id=1190975 Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://security.netapp.com/advisory/ntap-20211014-0004/ Third Party Advisory
https://www.debian.org/security/2023/dsa-5586
https://www.openssh.com/security.html Vendor Advisory
https://www.openssh.com/txt/release-8.8 Release Notes Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/09/26/1 Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220805-0001/ Third Party Advisory
https://www.tenable.com/plugins/nessus/154174
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*

History

21 Nov 2024, 06:26

Type Values Removed Values Added
References () https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html - () https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ -
References () https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5586 - () https://www.debian.org/security/2023/dsa-5586 -
References () https://www.openssh.com/security.html - Vendor Advisory () https://www.openssh.com/security.html - Vendor Advisory
References () https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory () https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory
References () https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory () https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References () https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory () https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory
References () https://www.tenable.com/plugins/nessus/154174 - () https://www.tenable.com/plugins/nessus/154174 -

26 Dec 2023, 04:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html -

22 Dec 2023, 13:15

Type Values Removed Values Added
CWE NVD-CWE-Other
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/', 'name': 'FEDORA-2021-fa0e94198f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/', 'name': 'FEDORA-2021-1f7339271d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/', 'name': 'FEDORA-2021-f8df0f8563', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ -
  • (MISC) https://www.tenable.com/plugins/nessus/154174 -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ -
  • () https://www.debian.org/security/2023/dsa-5586 -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ -

25 Oct 2022, 16:30

Type Values Removed Values Added
References (MISC) https://www.starwindsoftware.com/security/sw-20220805-0001/ - (MISC) https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory
CPE cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*

11 Oct 2022, 22:15

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
CWE NVD-CWE-Other
References
  • (MISC) https://www.starwindsoftware.com/security/sw-20220805-0001/ -
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

25 Jul 2022, 18:17

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-Other

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

30 Nov 2021, 22:37

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211014-0004/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory
CPE cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*

14 Oct 2021, 18:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ -

14 Oct 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211014-0004/ -

07 Oct 2021, 14:46

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVSS v2 : 6.0
v3 : 8.8
v2 : 4.4
v3 : 7.0

03 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ -

02 Oct 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ -

01 Oct 2021, 19:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.0
v3 : 8.8
CPE cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
References (MISC) https://www.openssh.com/txt/release-8.8 - (MISC) https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory
References (MISC) https://www.openssh.com/security.html - (MISC) https://www.openssh.com/security.html - Vendor Advisory
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190975 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://www.openwall.com/lists/oss-security/2021/09/26/1 - (MISC) https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory
CWE CWE-269

27 Sep 2021, 17:15

Type Values Removed Values Added
References
  • (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190975 -

26 Sep 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-26 19:15

Updated : 2024-11-21 06:26


NVD link : CVE-2021-41617

Mitre link : CVE-2021-41617

CVE.ORG link : CVE-2021-41617


JSON object : View

Products Affected

fedoraproject

  • fedora

netapp

  • ontap_select_deploy_administration_utility
  • solidfire
  • aff_a250_firmware
  • aff_a250
  • aff_500f_firmware
  • clustered_data_ontap
  • active_iq_unified_manager
  • aff_500f
  • hci_management_node

oracle

  • http_server
  • zfs_storage_appliance_kit

openbsd

  • openssh

starwindsoftware

  • starwind_virtual_san