Scientific Linux Security Update : openssh on SL5.x i386/x86_64
Medium Nessus Plugin ID 60671
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904)
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
Solution
Update the affected packages.
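The ownership requirement the description refers to can be audited on a host. As an added example (not part of the advisory or of the openssh packages), this Python script applies the rule from upstream sshd_config(5), that every component of a ChrootDirectory path is a root-owned directory not writable by group or others. The function names and the constructed temporary tree are assumptions of this example.

```python
import os
import stat
import sys
import tempfile

# Added example: rule taken from upstream sshd_config(5); names are this example's own.
def audit_chroot_path(path, required_uid=0, start="/"):
    """Return (component, problem) for each component from `start` to `path`
    that is not a directory, not owned by `required_uid`, or group/world-writable."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    if os.path.commonpath([path, start]) != start:
        raise ValueError("%s is not below %s" % (path, start))
    components, current = [start], start
    rel = os.path.relpath(path, start)
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        components.append(current)
    findings = []
    for comp in components:
        st = os.lstat(comp)
        if not stat.S_ISDIR(st.st_mode):
            findings.append((comp, "not a directory"))
            continue
        if st.st_uid != required_uid:
            findings.append((comp, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((comp, "group/world-writable, mode %o" % stat.S_IMODE(st.st_mode)))
    return findings

def build_demo_tree():
    """Constructed sample: <tmp>/jail (0755) and <tmp>/jail/home (0775)."""
    base = os.path.realpath(tempfile.mkdtemp())
    jail, home = os.path.join(base, "jail"), os.path.join(base, "jail", "home")
    os.makedirs(home)
    os.chmod(jail, 0o755)
    os.chmod(home, 0o775)
    return base, home

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real ChrootDirectory value against uid 0
        results = audit_chroot_path(sys.argv[1])
    else:  # no argument: run on the constructed tree, owned by the current user
        base, home = build_demo_tree()
        results = audit_chroot_path(home, required_uid=os.getuid(), start=base)
    for comp, problem in results:
        print("FAIL %s: %s" % (comp, problem))
    sys.exit(1 if results else 0)
```

Pass the ChrootDirectory value from sshd_config as the only argument; a non-zero exit status means at least one path component fails the check.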