// For flags

CVE-2009-2904

openssh: possible privilege escalation when using ChrootDirectory setting

Severity Score

6.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a través de enlaces fuertes en programas setuid que usa una configuración de ficheros con el chroot directory, relacionado con requerimientos para el propietario.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-08-20 CVE Reserved
  • 2009-10-01 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-16: Configuration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3
Search vendor "Openbsd" for product "Openssh" and version "4.3"
-
Affected
in Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
11
Search vendor "Fedoraproject" for product "Fedora" and version "11"
-
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3
Search vendor "Openbsd" for product "Openssh" and version "4.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
5
Search vendor "Redhat" for product "Enterprise Linux" and version "5"
server
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3
Search vendor "Openbsd" for product "Openssh" and version "4.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
5
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5"
client
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3
Search vendor "Openbsd" for product "Openssh" and version "4.3"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
5
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5"
-
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.8
Search vendor "Openbsd" for product "Openssh" and version "4.8"
-
Affected
in Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
11
Search vendor "Fedoraproject" for product "Fedora" and version "11"
-
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.8
Search vendor "Openbsd" for product "Openssh" and version "4.8"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
5
Search vendor "Redhat" for product "Enterprise Linux" and version "5"
server
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.8
Search vendor "Openbsd" for product "Openssh" and version "4.8"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
5
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5"
client
Safe
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.8
Search vendor "Openbsd" for product "Openssh" and version "4.8"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
5
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5"
-
Safe