HackTesting
HomeArticlesTagsContact

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

References

https://www.openssh.com/security.html
https://www.openwall.com/lists/oss-security/2021/09/26/1
https://www.openssh.com/txt/release-8.8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.starwindsoftware.com/security/sw-20220805-0001/
https://www.tenable.com/plugins/nessus/154174
https://www.debian.org/security/2023/dsa-5586
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
Published
Sep 26, 2021 00:00:00 UTC
Updated
Jul 14, 2026 11:49:30 UTC
Reserved
Sep 26, 2021 00:00:00 UTC
  • Home
  • Contact Us
  • Recently Updated CVEs
  • Articles
  • Tags
  • RSS Feed
  • Privacy Policy
© 2026 HackTesting. All rights reserved.