CVE-2021-41617

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

References

https://www.openwall.com/lists/oss-security/2021/09/26/1

https://www.openssh.com/txt/release-8.8

https://www.openssh.com/security.html

https://bugzilla.suse.com/show_bug.cgi?id=1190975

https://lists.fedoraproject.org/archives/list/[email protected]/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

https://lists.fedoraproject.org/archives/list/[email protected]/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/

https://security.netapp.com/advisory/ntap-20211014-0004/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/

Details

Source: MITRE

Published: 2021-09-26

Updated: 2021-11-30

Type: CWE-269

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
155757CentOS 7 : openssh (CESA-2021:4782)NessusCentOS Local Security Checks
high
155695Oracle Linux 7 : openssh (ELSA-2021-4782)NessusOracle Linux Local Security Checks
high
155685RHEL 7 : openssh (RHSA-2021:4782)NessusRed Hat Local Security Checks
high
154174OpenSSH 6.2 < 8.8NessusMisc.
high
154139FreeBSD : OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand (2a1b931f-2b86-11ec-8acd-c80aa9043978)NessusFreeBSD Local Security Checks
high
153975Photon OS 1.0: Openssh PHSA-2021-1.0-0440NessusPhotonOS Local Security Checks
high
153972Photon OS 4.0: Openssh PHSA-2021-4.0-0113NessusPhotonOS Local Security Checks
high