<p>Upgrade <code>Ubuntu:20.04</code> <code>openssh</code> to version 1:8.2p1-4ubuntu0.11 or higher.</p>

Improper Privilege Management Affecting openssh package, versions <1:8.2p1-4ubuntu0.11

Threat Intelligence

0.06% (24^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UBUNTU2004-OPENSSH-1726887
published 29 Sep 2021
disclosed 26 Sep 2021

Report a new vulnerability Found a mistake?

Introduced: 26 Sep 2021

CVE-2021-41617 Open this link in a new tab CWE-269 Open this link in a new tab

How to fix?

Upgrade Ubuntu:20.04 openssh to version 1:8.2p1-4ubuntu0.11 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

High
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Improper Privilege Management Affecting openssh package, versions <1:8.2p1-4ubuntu0.11

Severity

Based on Ubuntu security rating