Package details: pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u2
purl pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u2
Tags Ghost
Next non-vulnerable version 1:9.2p1-2+deb12u6
Latest non-vulnerable version 1:9.2p1-2+deb12u6
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability: VCID-a999-r8d4-aaad
Aliases: CVE-2021-41617
Summary: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
Fixed by:
  1:8.4p1-5+deb11u3 (Affected by 3 other vulnerabilities.)
  1:9.2p1-2 (Affected by 2 other vulnerabilities.)

Vulnerability: VCID-w923-5vep-aaaq
Aliases: CVE-2021-36368
Summary: ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."
Fixed by:
  1:8.4p1-5+deb11u3 (Affected by 3 other vulnerabilities.)
  1:9.2p1-2 (Affected by 2 other vulnerabilities.)
  1:9.2p1-2+deb12u1 (Affected by 0 other vulnerabilities.)
  1:9.2p1-2+deb12u3 (Affected by 0 other vulnerabilities.)
  1:9.2p1-2+deb12u4 (Affected by 0 other vulnerabilities.)
  1:9.2p1-2+deb12u5 (Affected by 1 other vulnerability.)
  1:9.2p1-2+deb12u6 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2024-01-11T06:45:30.574800+00:00 | Debian Importer | Affected by | VCID-a999-r8d4-aaad | None | 34.0.0rc2
2024-01-11T02:57:55.848086+00:00 | Debian Importer | Affected by | VCID-w923-5vep-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2
2024-01-11T02:57:53.106128+00:00 | Debian Importer | Affected by | VCID-w923-5vep-aaaq | None | 34.0.0rc2
2024-01-04T17:48:37.848217+00:00 | Debian Importer | Affected by | VCID-a999-r8d4-aaad | None | 34.0.0rc1
2024-01-04T15:04:06.920983+00:00 | Debian Importer | Affected by | VCID-w923-5vep-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1
2024-01-04T15:04:04.455458+00:00 | Debian Importer | Affected by | VCID-w923-5vep-aaaq | None | 34.0.0rc1