Broadcom Security Response, BSNSA22340
Aug 01, 2023 - 12:00 a.m.

A flaw in OpenSSH helper programs could lead to local privilege escalation

support.broadcom.com
Tags: openssh, helper programs, local privilege escalation, authorizedkeyscommand, authorizedprincipalscommand

AI Score: 7.2 (Confidence: High)

EPSS: 0.001 (Percentile: 27.7%)

A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation.
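An added example, not part of the Broadcom advisory or of OpenSSH: a small Python check that reads sshd_config text and reports each scope where one of these helper commands is configured together with its run-as directive (AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser), which is the configuration the description refers to. It assumes the documented sshd_config rules (case-insensitive keywords, first obtained value used, Match blocks overriding global settings), does not follow Include files, and uses a constructed sample configuration.

```python
import re

# Directive -> companion directive naming the account the helper runs as.
PAIRS = {
    "authorizedkeyscommand": "authorizedkeyscommanduser",
    "authorizedprincipalscommand": "authorizedprincipalscommanduser",
}
# "Keyword value" or "Keyword=value"; comments and blank lines do not match.
LINE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

def parse(text):
    """Map scope ('global' or a Match line) -> {keyword: first value seen}."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            scope = "Match " + val
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, val)  # first obtained value is used
    return scopes

def helper_findings(text):
    """List (scope, directive, command, run-as user) for each configured helper."""
    scopes, out = parse(text), []
    for scope, own in scopes.items():
        for cmd_key, user_key in PAIRS.items():
            if scope != "global" and cmd_key not in own and user_key not in own:
                continue  # block only inherits; already reported under 'global'
            cmd = own.get(cmd_key, scopes["global"].get(cmd_key))
            user = own.get(user_key, scopes["global"].get(user_key))
            if cmd and cmd.lower() != "none" and user:
                out.append((scope, cmd_key, cmd, user))
    return out

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
# helper looks up keys in a directory service
AuthorizedKeysCommand /usr/local/bin/fetch-keys %u
AuthorizedKeysCommandUser keyfetch
AuthorizedPrincipalsCommand none
Match Group contractors
    AuthorizedPrincipalsCommand=/usr/local/bin/principals --realm=ext %u
    AuthorizedPrincipalsCommandUser nobody
"""

if __name__ == "__main__":
    for finding in helper_findings(SAMPLE):
        print(finding)
```

A finding shows only that a helper is configured to run as another user; the supplementary groups of the sshd process and the installed OpenSSH build still have to be checked separately.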

Affected configurations

Vulners node:
broadcom brocade_fabric_operating_system, range < 9.x
OR
broadcom brocade_fabric_operating_system, range < 9.1.1