CVE-2009-2904

critical

Description

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

References

https://rhn.redhat.com/errata/RHSA-2009-1470.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862

https://bugzilla.redhat.com/show_bug.cgi?id=522141

http://www.vupen.com/english/advisories/2010/0528

http://www.securityfocus.com/bid/36552

http://secunia.com/advisories/39182

http://secunia.com/advisories/38834

http://secunia.com/advisories/38794

http://osvdb.org/58495

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html

Details

Source: Mitre, NVD

Published: 2009-10-01

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical