CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41617 – openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
https://notcve.org/view.php?id=CVE-2021-41617
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones no predeterminadas, permite una escalada de privilegios porque los grupos complementarios no son inicializados como se espera. Los programas de ayuda para AuthorizedKeysCommand y AuthorizedPrincipalsCommand pueden ejecutarse con privilegios asociados a la pertenencia a grupos del proceso sshd, si la configuración especifica la ejecución del comando como un usuario diferente A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation. • https://bugzilla.suse.com/show_bug.cgi?id=1190975 https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET https://security.netapp.com/advisory/ntap-20211014& • CWE-273: Improper Check for Dropped Privileges •
CVSS: 5.3EPSS: 2%CPEs: 5EXPL: 2CVE-2016-20012
https://notcve.org/view.php?id=CVE-2016-20012
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product ** EN DISPTUTA ** OpenSSH versiones hasta 8.7, permite a atacantes remotos, que presentan la sospecha de que una determinada combinación de nombre de usuario y clave pública es conocida por un servidor SSH, comprobar si esta sospecha es correcta. Esto ocurre porque es enviado un desafío sólo cuando esa combinación podría ser válida para una sesión de inicio de sesión. NOTA: el proveedor no reconoce la enumeración de usuarios como una vulnerabilidad para este producto • https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265 https://github.com/openssh/openssh-portable/pull/270 https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097 https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185 https://rushter.com/blog/public-ssh-keys https://security.netapp.com/advisory/ntap-20211014-0005 https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak https://www.openwall.com/lists •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14145 – openssh: Observable discrepancy leading to an information leak in the algorithm negotiation
https://notcve.org/view.php?id=CVE-2020-14145
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. El lado del cliente en OpenSSH versiones 5.7 hasta 8.4, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a unos intentos iniciales de conexión (donde ninguna clave de host para el servidor ha sido almacenada en caché por parte del cliente) NOTA: algunos informes afirman que las versiones 8.5 y 8.6 también están afectadas. • http://www.openwall.com/lists/oss-security/2020/12/02/1 https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d https://docs.ssh-mitm.at/CVE-2020-14145.html https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py https://security.gentoo.org/glsa/202105-35 https://security.netapp.com/advisory/ntap-20200709-0004 https://www. • CWE-203: Observable Discrepancy •