sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones no predeterminadas, permite una escalada de privilegios porque los grupos complementarios no son inicializados como se espera. Los programas de ayuda para AuthorizedKeysCommand y AuthorizedPrincipalsCommand pueden ejecutarse con privilegios asociados a la pertenencia a grupos del proceso sshd, si la configuración especifica la ejecución del comando como un usuario diferente
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:L/AC:M/Au:N/C:P/I:P/A:P
| Access Vector | LOCAL |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-Other
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openbsd | openssh | * | <built-in method update of dict object at 0x702bcbbf42c0> | Application |
| fedoraproject | fedora | 33 | <built-in method update of dict object at 0x702bdd605c00> | Operating System |
| fedoraproject | fedora | 34 | <built-in method update of dict object at 0x702bcbbf53c0> | Operating System |
| fedoraproject | fedora | 35 | <built-in method update of dict object at 0x702bcbbf6640> | Operating System |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x702bcbbf5b00> | Application |
| netapp | clustered_data_ontap | - | <built-in method update of dict object at 0x702bdd151680> | Application |
| netapp | hci_management_node | - | <built-in method update of dict object at 0x702bdd6060c0> | Application |
| netapp | ontap_select_deploy_administration_utility | - | <built-in method update of dict object at 0x702bdd607e80> | Application |
| netapp | solidfire | - | <built-in method update of dict object at 0x702bcbbf61c0> | Application |
| netapp | aff_a250_firmware | - | <built-in method update of dict object at 0x702bcbbf5800> | Operating System |
| netapp | aff_500f_firmware | - | <built-in method update of dict object at 0x702bdd604380> | Operating System |
| oracle | http_server | 12.2.1.2.0 | <built-in method update of dict object at 0x702bdd607fc0> | Application |
| oracle | http_server | 12.2.1.3.0 | <built-in method update of dict object at 0x702bcbbf55c0> | Application |
| oracle | http_server | 12.2.1.4.0 | <built-in method update of dict object at 0x702bdd607240> | Application |
| oracle | zfs_storage_appliance_kit | 8.8 | <built-in method update of dict object at 0x702bdd604180> | Application |
| starwindsoftware | starwind_virtual_san | v8r13 | <built-in method update of dict object at 0x702bdd604e00> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:* |