Red Hat Enterprise Linux OpenSSH ChrootDirectory Local Privilege Escalation

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The SSH server running on the remote host has a privilege escalation
vulnerability.

Description :

According to its banner, the version of OpenSSH running on the remote
host may have a privilege escalation vulnerability. OpenSSH on Red
Hat Enterprise Linux 5, Fedora 11, and possibly other platforms uses an
insecure implementation of the 'ChrootDirectory' configuration
setting, which could allow privilege escalation. Upstream OpenSSH is
not affected.

The fix for this issue does not change the version in the OpenSSH
banner, so this finding may be a false positive on a host that has
already been patched.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=522141

Solution :

Apply the appropriate patch listed in Red Hat security advisory
RHSA-2009:1470-1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 17706

Bugtraq ID: 36552

CVE ID: CVE-2009-2904