sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
26 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Feb 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References |
|
25 Oct 2022, 16:30
Type | Values Removed | Values Added |
---|---|---|
First Time |
Starwindsoftware starwind Virtual San
Starwindsoftware |
|
CPE | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:* | |
References | (MISC) https://www.starwindsoftware.com/security/sw-20220805-0001/ - Third Party Advisory |
11 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 13:28
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* |
|
First Time |
Oracle
Oracle zfs Storage Appliance Kit Oracle http Server |
|
CWE |
25 Jul 2022, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2021, 22:37
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211014-0004/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
14 Oct 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Oct 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2021, 14:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.0 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
03 Oct 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Oct 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Oct 2021, 19:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
CWE | CWE-269 | |
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190975 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://www.openssh.com/txt/release-8.8 - Release Notes, Vendor Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/09/26/1 - Mailing List, Third Party Advisory | |
References | (MISC) https://www.openssh.com/security.html - Vendor Advisory |
27 Sep 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Sep 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-26 19:15
Updated : 2023-12-26 04:15
NVD link : CVE-2021-41617
Mitre link : CVE-2021-41617
CVE.ORG link : CVE-2021-41617
JSON object : View
Products Affected
netapp
- aff_a250
- ontap_select_deploy_administration_utility
- aff_500f_firmware
- solidfire
- hci_management_node
- active_iq_unified_manager
- clustered_data_ontap
- aff_500f
- aff_a250_firmware
starwindsoftware
- starwind_virtual_san
openbsd
- openssh
oracle
- http_server
- zfs_storage_appliance_kit
fedoraproject
- fedora
CWE