Red Hat Enterprise Linux OpenSSH ChrootDirectory Local Privilege Escalation

medium Nessus Plugin ID 17706

Synopsis

The SSH server running on the remote host has a privilege escalation vulnerability.

Description

According to its banner, the version of OpenSSH running on the remote host may have a privilege escalation vulnerability. OpenSSH on Red Hat Enterprise Linux 5, Fedora 11, and possibly other platforms use an insecure implementation of the 'ChrootDirectory' configuration setting, which could allow privilege escalation. Upstream OpenSSH is not affected.

The fix for this issue does not change the version in the OpenSSH banner, so this may be a false positive.

Solution

Apply the appropriate patch listed in Red Hat security advisory RHSA-2009:1470-1.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=522141

Plugin Details

Severity: Medium

ID: 17706

File Name: openssh_rhel_43.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 11/18/2011

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: Settings/PCI_DSS, installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2009

Vulnerability Publication Date: 9/30/2009

Reference Information

CVE: CVE-2009-2904

BID: 36552

CWE: 16

RHSA: 2009:1470