CVE-2021-41617

Updated: 2024-11-30 03:12:51.031973

Description:

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
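A configuration check for the non-default setup described above, as an added example that is not code from OpenSSH or from this tracker. It assumes the run-as user is set with the sshd_config keywords AuthorizedKeysCommandUser and AuthorizedPrincipalsCommandUser; the sample configuration and banner are constructed. The version test applies only the upstream range, so a distribution package with a backported fix still has to be checked against the vendor status.

```python
import re

# sshd_config keywords (case-insensitive): helper command -> its run-as user keyword.
HELPERS = {
    "authorizedkeyscommand": "authorizedkeyscommanduser",
    "authorizedprincipalscommand": "authorizedprincipalscommanduser",
}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# sshd_config excerpt
Port 22
AuthorizedKeysCommand /usr/local/bin/fetch-keys %u
AuthorizedKeysCommandUser keyfetch
authorizedprincipalscommand none
AuthorizedPrincipalsCommandUser nobody
"""

def parse_version(banner):
    """Extract (major, minor) from a string such as 'OpenSSH_8.0p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def in_upstream_range(version):
    """Upstream range from the description: 6.2 through 8.x before 8.8."""
    return version is not None and (6, 2) <= version < (8, 8)

def exposed_helpers(config_text):
    """List helpers that have a command other than 'none' and a run-as user."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        if len(fields) == 2:
            # Keep every value: Match blocks may set these keywords again.
            seen.setdefault(fields[0].lower(), []).append(fields[1].strip())
    findings = []
    for cmd_key, user_key in HELPERS.items():
        cmds = [c for c in seen.get(cmd_key, []) if c.lower() != "none"]
        users = seen.get(user_key, [])
        if cmds and users:
            findings.append((cmd_key, cmds, users))
    return findings

if __name__ == "__main__":
    print(in_upstream_range(parse_version("OpenSSH_8.0p1")), exposed_helpers(SAMPLE))
```

A host is of interest only when both results are positive: the helper configuration is present and the package has not received the fix.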


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.4 |
| CVSS Version 3.x | HIGH | 7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | openssh | 8.7p1 | 7.0 | HIGH | Not Vulnerable | | 2023-11-08 08:35:54 | |
| CentOS 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Not Vulnerable | | 2022-04-20 00:38:50 | |
| CentOS 7 ELS | openssh | 7.4p1 | 7.0 | HIGH | Already Fixed | | 2023-09-19 09:30:18 | |
| CentOS 8.4 ELS | openssh | 8.0p1-6 | 7.0 | HIGH | Released | CLSA-2022:1649695840 | 2022-04-20 00:38:50 | |
| CentOS 8.5 ELS | openssh | 8.0p1-10 | 7.0 | HIGH | Released | CLSA-2022:1649695900 | 2022-04-20 00:38:50 | |
| CloudLinux 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Not Vulnerable | | 2022-04-20 00:38:50 | |
| Oracle Linux 6 ELS | openssh | 5.3p1 | 7.0 | HIGH | Not Vulnerable | | 2022-04-20 00:38:50 | |
| Ubuntu 16.04 ELS | openssh | 7.2p2 | 7.0 | HIGH | Released | CLSA-2021:1639681866 | 2022-04-20 00:38:50 | |
| Ubuntu 18.04 ELS | openssh | 7.6p1 | 7.0 | HIGH | Released | CLSA-2023:1688678532 | 2023-07-06 21:47:24 | |