CVE-2009-2904

medium

Description

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://osvdb.org/58495

http://secunia.com/advisories/38794

http://secunia.com/advisories/38834

http://secunia.com/advisories/39182

http://www.securityfocus.com/bid/36552

http://www.vupen.com/english/advisories/2010/0528

https://bugzilla.redhat.com/show_bug.cgi?id=522141

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862

https://rhn.redhat.com/errata/RHSA-2009-1470.html

Details

Source: MITRE

Published: 2009-10-01

Updated: 2017-09-19

Type: CWE-16

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM