what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2021-41617

Status Candidate

Overview

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Related Files

Ubuntu Security Notice USN-6565-1
Posted Jan 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6565-1 - It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS. It was discovered that OpenSSH incorrectly added destination constraints when PKCS#11 token keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-41617, CVE-2023-51384, CVE-2023-51385
SHA-256 | ec9147c7e17c9b7474fb26fe7454f31349351cd2e830bb0c9e3403822a0b62a7
Debian Security Advisory 5586-1
Posted Dec 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5586-1 - Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2021-41617, CVE-2023-28531, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385
SHA-256 | eb54a28b3d95ad19c4329f6295f24f93dcd4b5a934d6c9ce761901a356063b87
Ubuntu Security Notice USN-5666-1
Posted Oct 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5666-1 - It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2021-41617
SHA-256 | 8f31482ef90e95cd49fa6931dd52d6bd17567f215ec6e64988bc0a35199c0f0e
Red Hat Security Advisory 2022-4671-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4671-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 1a7182c8803733e24a2f52a38dc6173bf272d5ad45772e1226fe7c4a018efefe
Red Hat Security Advisory 2022-4690-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-25219, CVE-2021-3634, CVE-2021-3639, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 3bfe6b3b087ca42a19201811078371538ab2936796ff2422443605c3aef038d7
Red Hat Security Advisory 2022-4692-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4692-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | ecf97b114c811de8b773415e31f85d2dbbd762da9a08556fc7bc868b0c83a9a5
Red Hat Security Advisory 2022-4691-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4691-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 6fe762e2616c6dacdada61a5ff131f5097db13088eef51a3811f2266f29dfb07
Red Hat Security Advisory 2022-2013-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2013-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a privilege escalation vulnerability.

tags | advisory, protocol
systems | linux, redhat, unix
advisories | CVE-2021-41617
SHA-256 | 13bc1420d8a6b3ab9e7cc3edb50bece9071c44dfad388f8f4a9f1a3ec25f6121
Red Hat Security Advisory 2021-4782-01
Posted Nov 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4782-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a privilege escalation vulnerability.

tags | advisory, protocol
systems | linux, redhat, unix
advisories | CVE-2021-41617
SHA-256 | 94fef97db06e70441729962bafea2b719a402a6ac6c20f7fdcba2734326a6dbc
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close