QwikSec

Security Database

CVE

CWE

Training

CVE-2021-41617

Published: Sep 26, 2021

Modified: May 12, 2026

PUBLISHED

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssh.com/security.html

https://www.openwall.com/lists/oss-security/2021/09/26/1

https://www.openssh.com/txt/release-8.8

FEDORA-2021-1f7339271d

vendor-advisory

FEDORA-2021-f8df0f8563

vendor-advisory

FEDORA-2021-fa0e94198f

vendor-advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

https://bugzilla.suse.com/show_bug.cgi?id=1190975

https://security.netapp.com/advisory/ntap-20211014-0004/

https://www.oracle.com/security-alerts/cpujul2022.html

https://www.starwindsoftware.com/security/sw-20220805-0001/

https://www.tenable.com/plugins/nessus/154174

vendor-advisory

[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.