CVE-2021-41617

UNKNOWN
Published 2021-09-26T00:00:00
No CVSS data available

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-mxh4-p4w6-g844

Advisory Details

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 2 months, 2 weeks ago
ElephantCares

I really need some help/advice/insight. I have a small, low traffic, website. (Pawstalk.net). I am with InMotion Hosting, ShopSite as my shopping cart, and Braintree as my Payment Processor. A couple of years ago, Braintree stopped having any kind of phone support, and contracted with a company called Security Metrics …

References

Published: 2021-09-26T00:00:00
Last Modified: 2024-08-04T03:15:29.208Z