Improper Privilege Management in OpenSSH - CVE-2021-41617
Published: November 23, 2021 / Updated: January 10, 2022
Vulnerability identifier: #VU58333
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-41617
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: OpenSSH
Affected software:
OpenSSH
OpenSSH
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand may run with privileges associated with
group memberships of the sshd process, if the configuration specifies
running the command as a different user. A local user can escalate privileges on the system.
How to mitigate CVE-2021-41617
Install updates from vendor's website.
Sources
- https://www.openwall.com/lists/oss-security/2021/09/26/1
- https://www.openssh.com/txt/release-8.8
- https://www.openssh.com/security.html
- https://bugzilla.suse.com/show_bug.cgi?id=1190975
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
- https://security.netapp.com/advisory/ntap-20211014-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/