Red Hat Enterprise Linux OpenSSH ChrootDirectory Local Privilege Escalation

Medium Nessus Plugin ID 17706


The SSH server running on the remote host has a privilege escalation vulnerability.


According to its banner, the version of OpenSSH running on the remote host may have a privilege escalation vulnerability. OpenSSH on Red Hat Enterprise Linux 5, Fedora 11, and possibly other platforms use an insecure implementation of the 'ChrootDirectory' configuration setting, which could allow privilege escalation. Upstream OpenSSH is not affected.

The fix for this issue does not change the version in the OpenSSH banner, so this may be a false positive.


Apply the appropriate patch listed in Red Hat security advisory RHSA-2009:1470-1.

See Also

Plugin Details

Severity: Medium

ID: 17706

File Name: openssh_rhel_43.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2011/11/18

Modified: 2016/05/12

Dependencies: 10267

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: Settings/PCI_DSS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/09/30

Vulnerability Publication Date: 2009/09/30

Reference Information

CVE: CVE-2009-2904

BID: 36552

OSVDB: 58495

RHSA: 2009:1470

CWE: 16