CVSS2 | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |

CVSS3 | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS Percentile: 27.7%

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default
configurations are used, allows privilege escalation because supplemental
groups are not initialized as expected. Helper programs for
AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with
privileges associated with group memberships of the sshd process, if the
configuration specifies running the command as a different user.

Priority reason: Cannot be reproduced on Ubuntu since sshd drops groups early

Author | Note |
---|---|
seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
mdeslaur | Only applies to non-default configurations where AuthorizedKeysCommand or AuthorizedPrincipalsCommand are used. |
sespiros | Cannot reproduce since sshd for all releases drops supplementary groups early when it starts with setgroups(0, NULL). |
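
The two preconditions named in the description and in the notes above (an upstream version from 6.2 up to but not including 8.8, and a helper command configured to run as a different user) can be checked against a host's `sshd_config`. The following is an added example, not code from OpenSSH or from this advisory; the function names, the sample configuration, the sample banner, and the reading of "a different user" as any account other than root are assumptions.

```python
import re

# Helper directive -> directive naming the account the helper runs as.
HELPERS = {
    "authorizedkeyscommand": "authorizedkeyscommanduser",
    "authorizedprincipalscommand": "authorizedprincipalscommanduser",
}

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (constructed)
PubkeyAuthentication yes
AuthorizedKeysCommand /usr/local/bin/fetch-keys %u
AuthorizedKeysCommandUser keyfetch
AuthorizedPrincipalsCommand none
"""

def upstream_in_range(banner):
    """True if the upstream version in an 'OpenSSH_X.Y' banner is >= 6.2 and < 8.8."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenSSH version found in banner")
    return (6, 2) <= (int(m.group(1)), int(m.group(2))) < (8, 8)

def helper_findings(config_text):
    """Return (lineno, directive, command, run_as_user) for each helper in use."""
    entries = []  # (lineno, lower-cased keyword, argument)
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *rest = line.split(None, 1)
        entries.append((lineno, keyword.lower(), rest[0].strip() if rest else ""))
    findings = []
    for lineno, key, arg in entries:
        if key not in HELPERS or arg.lower() in ("", "none"):
            continue
        # Assumption: the first matching *User directive applies; Match scoping is ignored.
        users = [a for _, k, a in entries if k == HELPERS[key]]
        # Assumption: "a different user" means any account other than root.
        if users and users[0] != "root":
            findings.append((lineno, key, arg, users[0]))
    return findings

def preconditions_met(banner, config_text):
    """Version range and a helper run as another user, as in the description."""
    return upstream_in_range(banner) and bool(helper_findings(config_text))

if __name__ == "__main__":
    print(preconditions_met("OpenSSH_8.2p1 Ubuntu-4ubuntu0.5", SAMPLE_CONFIG))
    print(helper_findings(SAMPLE_CONFIG))
```

A positive result only means the configuration matches the conditions in the description. The banner carries the upstream version, so distribution builds with backported fixes, or builds that drop supplementary groups at startup as the notes above describe, still match.
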
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openssh | < any | UNKNOWN |
ubuntu | 20.04 | noarch | openssh | < 1:8.2p1-4ubuntu0.11 | UNKNOWN |
ubuntu | 14.04 | noarch | openssh | < any | UNKNOWN |
ubuntu | 16.04 | noarch | openssh | < 1:7.2p2-4ubuntu2.10+esm2 | UNKNOWN |
ubuntu | 18.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | openssh-ssh1 | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-41617
nvd.nist.gov/vuln/detail/CVE-2021-41617
security-tracker.debian.org/tracker/CVE-2021-41617
ubuntu.com/security/notices/USN-5666-1
ubuntu.com/security/notices/USN-6565-1
www.cve.org/CVERecord?id=CVE-2021-41617
www.openssh.com/security.html
www.openssh.com/txt/release-8.8
www.openwall.com/lists/oss-security/2021/09/26/1