logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-41617

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.


Affected Software


CPE Name Name Version
openbsd:openssh openbsd openssh 8.8
fedoraproject:fedora fedoraproject fedora 33
fedoraproject:fedora fedoraproject fedora 34
fedoraproject:fedora fedoraproject fedora 35
netapp:ontap_select_deploy_administration_utility netapp ontap select deploy administration utility -
netapp:clustered_data_ontap netapp clustered data ontap -
netapp:solidfire netapp solidfire -
netapp:hci_management_node netapp hci management node -
netapp:active_iq_unified_manager netapp active iq unified manager -
netapp:aff_a250_firmware netapp aff a250 firmware -
netapp:aff_500f_firmware netapp aff 500f firmware -
oracle:http_server oracle http server 12.2.1.2.0
oracle:http_server oracle http server 12.2.1.3.0
oracle:http_server oracle http server 12.2.1.4.0
oracle:zfs_storage_appliance_kit oracle zfs storage appliance kit 8.8
starwindsoftware:starwind_virtual_san starwindsoftware starwind virtual san v8r13

Related