Red Hat Enterprise Linux OpenSSH ChrootDirectory Local Privilege Escalation

medium Nessus Plugin ID 17706


The SSH server running on the remote host has a privilege escalation vulnerability.


According to its banner, the version of OpenSSH running on the remote host may have a privilege escalation vulnerability. OpenSSH on Red Hat Enterprise Linux 5, Fedora 11, and possibly other platforms use an insecure implementation of the 'ChrootDirectory' configuration setting, which could allow privilege escalation. Upstream OpenSSH is not affected.

The fix for this issue does not change the version in the OpenSSH banner, so this may be a false positive.


Apply the appropriate patch listed in Red Hat security advisory RHSA-2009:1470-1.

See Also

Plugin Details

Severity: Medium

ID: 17706

File Name: openssh_rhel_43.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 11/18/2011

Updated: 7/16/2018

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: Settings/PCI_DSS

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2009

Vulnerability Publication Date: 9/30/2009

Reference Information

CVE: CVE-2009-2904

BID: 36552

CWE: 16

RHSA: 2009:1470