CVE-2009-2904
First published: Wed Sep 09 2009(Updated: )
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSH | =4.3 | |
| OpenSSH | =4.8 | |
| Fedora | =11 | |
| Red Hat Enterprise Linux | =5 | |
| redhat enterprise Linux desktop | =5 | |
| redhat enterprise Linux eus | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/36552
- https://rhn.redhat.com/errata/RHSA-2009-1470.html
- https://bugzilla.redhat.com/show_bug.cgi?id=522141
- http://osvdb.org/58495
- http://secunia.com/advisories/39182
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
- http://secunia.com/advisories/38794
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://www.vupen.com/english/advisories/2010/0528
- http://secunia.com/advisories/38834
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
- http://openssh.org/txt/release-4.8
- http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
- https://bugzilla.mindrot.org/show_bug.cgi?id=1593
- http://undeadly.org/cgi?action=article&sid=20080220110039
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2009-March/027491.html
- https://lists.mindrot.org/pipermail/openssh-unix-dev/2008-November/026981.html
- http://admin.fedoraproject.org/updates/openssh-5.2p1-6.fc11
Frequently Asked Questions
What is the severity of CVE-2009-2904?
CVE-2009-2904 has a medium severity rating, as it allows local users to escalate privileges.
How do I fix CVE-2009-2904?
To fix CVE-2009-2904, update OpenSSH to a version that does not include the vulnerable ChrootDirectory modification.
Who is affected by CVE-2009-2904?
CVE-2009-2904 affects local users of Red Hat Enterprise Linux 5.4 and OpenSSH versions 4.3 and 4.8.
What is the impact of exploiting CVE-2009-2904?
Exploitation of CVE-2009-2904 could allow an attacker to gain elevated privileges on the affected system.
What software versions are vulnerable to CVE-2009-2904?
The vulnerable software versions for CVE-2009-2904 are OpenSSH 4.3 and OpenSSH 4.8 as modified by Red Hat.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2904
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openbsd
- canonical/openssh
- version/openssh/4.3
- version/openssh/4.8
- vendor/fedoraproject
- canonical/fedora
- version/fedora/11
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5