VID |
14156 |
Severity |
40 |
Port |
22 |
Protocol |
TCP |
Class |
SSH |
Detailed Description |
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
* Note: This check relies solely on the banner of the remote OpenSSH server to assess this vulnerability, so the finding may be a false positive.
* References: https://www.openwall.com/lists/oss-security/2021/09/26/1, https://www.openssh.com/txt/release-8.8
* Platforms Affected: OpenSSH prior to 8.8; Linux (any version); Unix (any version) |
Recommendation |
Upgrade to the latest version of OpenSSH (8.8 or later), available from the OpenSSH Web site at http://www.openssh.org/ |
Related URL |
CVE-2021-41617 (CVE) |