Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-41617 - log back

CVE-2021-41617 edited at 26 Sep 2021 20:13:43

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Privilege escalation

Description

+

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

References

+	https://www.openssh.com/txt/release-8.8
+	https://www.openssh.com/security.html
+	https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+	https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde

Notes

CVE-2021-41617 created at 26 Sep 2021 20:10:49