Home > Vulnerability Database > CVE-2021-41617

Mend.io Vulnerability Database

CVE-2021-41617

Date: September 25, 2021

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Language: C

Severity Score

7.0

Related Resources (23)

Url: https://security.netapp.com/advisory/ntap-20211014-0004/

Url: https://bugzilla.suse.com/show_bug.cgi?id=1190975

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41617

Url: https://access.redhat.com/security/cve/CVE-2021-41617

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-41617

Url: https://www.debian.org/security/2023/dsa-5586

Url: https://security-tracker.debian.org/tracker/CVE-2021-41617

Url: https://www.tenable.com/plugins/nessus/154174

Url: https://security.alpinelinux.org/vuln/CVE-2021-41617

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

Url: https://www.openssh.com/security.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/

Url: https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://www.openwall.com/lists/oss-security/2021/09/26/1

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://www.starwindsoftware.com/security/sw-20220805-0001/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/

Url: https://www.openssh.com/txt/release-8.8

Url: https://www.mend.io/vulnerability-database/CVE-2021-41617

Severity Score

7.0

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41617

Date: September 25, 2021

Language: C

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?