CVE-2009-2904
openssh: possible privilege escalation when using ChrootDirectory setting
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a través de enlaces fuertes en programas setuid que usa una configuración de ficheros con el chroot directory, relacionado con requerimientos para el propietario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-20 CVE Reserved
- 2009-10-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://lists.vmware.com/pipermail/security-announce/2010/000082.html | Mailing List | |
| http://osvdb.org/58495 | Vdb Entry | |
| http://secunia.com/advisories/38794 | Third Party Advisory | |
| http://secunia.com/advisories/38834 | Third Party Advisory | |
| http://secunia.com/advisories/39182 | Third Party Advisory | |
| http://www.securityfocus.com/bid/36552 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/0528 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html | 2017-09-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=522141 | 2009-09-30 | |
| https://rhn.redhat.com/errata/RHSA-2009-1470.html | 2017-09-19 | |
| https://access.redhat.com/security/cve/CVE-2009-2904 | 2009-09-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3" | - |
Affected
| in | Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 11 Search vendor "Fedoraproject" for product "Fedora" and version "11" | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5 Search vendor "Redhat" for product "Enterprise Linux" and version "5" | server |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5" | client |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.3 Search vendor "Openbsd" for product "Openssh" and version "4.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5" | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8" | - |
Affected
| in | Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 11 Search vendor "Fedoraproject" for product "Fedora" and version "11" | - |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5 Search vendor "Redhat" for product "Enterprise Linux" and version "5" | server |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5" | client |
Safe
|
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5" | - |
Safe
|