CVE-2009-2904
First published: Wed Sep 09 2009(Updated: )
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openbsd Openssh | =4.3 | |
| Openbsd Openssh | =4.8 | |
| Fedoraproject Fedora | =11 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux Desktop | =5 | |
| Redhat Enterprise Linux Eus | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/36552
- https://rhn.redhat.com/errata/RHSA-2009-1470.html
- https://bugzilla.redhat.com/show_bug.cgi?id=522141
- http://osvdb.org/58495
- http://secunia.com/advisories/39182
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
- http://secunia.com/advisories/38794
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://www.vupen.com/english/advisories/2010/0528
- http://secunia.com/advisories/38834
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
- http://openssh.org/txt/release-4.8
- http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
- https://bugzilla.mindrot.org/show_bug.cgi?id=1593
- http://undeadly.org/cgi?action=article&sid=20080220110039
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2009-March/027491.html
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2008-November/026981.html
- http://admin.fedoraproject.org/updates/openssh-5.2p1-6.fc11
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2904
- agent/tags
- agent/event
- agent/trending
- vendor/openbsd
- canonical/openbsd openssh
- version/openbsd openssh/4.3
- version/openbsd openssh/4.8
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/11
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5