CVE-2021-41617
openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones no predeterminadas, permite una escalada de privilegios porque los grupos complementarios no son inicializados como se espera. Los programas de ayuda para AuthorizedKeysCommand y AuthorizedPrincipalsCommand pueden ejecutarse con privilegios asociados a la pertenencia a grupos del proceso sshd, si la configuraciĆ³n especifica la ejecuciĆ³n del comando como un usuario diferente
A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-26 CVE Reserved
- 2021-09-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-273: Improper Check for Dropped Privileges
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20211014-0004 | Third Party Advisory | |
https://www.openwall.com/lists/oss-security/2021/09/26/1 | Mailing List | |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
https://www.starwindsoftware.com/security/sw-20220805-0001 | Third Party Advisory | |
https://www.tenable.com/plugins/nessus/154174 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1190975 | 2023-12-26 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-12-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netapp Search vendor "Netapp" | Aff A250 Firmware Search vendor "Netapp" for product "Aff A250 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff A250 Search vendor "Netapp" for product "Aff A250" | - | - |
Safe
|
Netapp Search vendor "Netapp" | Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 500f Search vendor "Netapp" for product "Aff 500f" | - | - |
Safe
|
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | >= 6.2 < 8.8 Search vendor "Openbsd" for product "Openssh" and version " >= 6.2 < 8.8" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.2.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.2.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.3.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.4.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.4.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8" | - |
Affected
| ||||||
Starwindsoftware Search vendor "Starwindsoftware" | Starwind Virtual San Search vendor "Starwindsoftware" for product "Starwind Virtual San" | v8r13 Search vendor "Starwindsoftware" for product "Starwind Virtual San" and version "v8r13" | 14398 |
Affected
|