Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-2904 (GCVE-0-2009-2904)
Vulnerability from cvelistv5 – Published: 2009-10-01 15:00 – Updated: 2024-08-07 06:07
VLAI?
EPSS
Summary
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "36552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "RHSA-2009:1470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "FEDORA-2010-5429",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "58495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58495"
},
{
"name": "39182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39182"
},
{
"name": "oval:org.mitre.oval:def:9862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "36552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "RHSA-2009:1470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "FEDORA-2010-5429",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "58495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58495"
},
{
"name": "39182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39182"
},
{
"name": "oval:org.mitre.oval:def:9862",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2904",
"datePublished": "2009-10-01T15:00:00",
"dateReserved": "2009-08-20T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7910598E-BEC1-4644-9DE4-D8BE505A4F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40B1B209-53B8-48DC-AFFC-BD69D5978A0B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*\", \"matchCriteriaId\": \"5833A489-D6DE-4D51-9E74-189CBC2E28CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*\", \"matchCriteriaId\": \"AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"443CB3FD-014D-4C37-BB02-03DAA5A3F3C1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.\"}, {\"lang\": \"es\", \"value\": \"Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a trav\\u00e9s de enlaces fuertes en programas setuid que usa una configuraci\\u00f3n de ficheros con el chroot directory, relacionado con requerimientos para el propietario.\"}]",
"id": "CVE-2009-2904",
"lastModified": "2024-11-21T01:06:01.393",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2009-10-01T15:30:00.233",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/58495\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38794\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38834\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/39182\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/36552\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0528\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=522141\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2009-1470.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/58495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38834\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39182\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=522141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2009-1470.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-16\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-2904\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-10-01T15:30:00.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.\"},{\"lang\":\"es\",\"value\":\"Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a trav\u00e9s de enlaces fuertes en programas setuid que usa una configuraci\u00f3n de ficheros con el chroot directory, relacionado con requerimientos para el propietario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7910598E-BEC1-4644-9DE4-D8BE505A4F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B1B209-53B8-48DC-AFFC-BD69D5978A0B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*\",\"matchCriteriaId\":\"5833A489-D6DE-4D51-9E74-189CBC2E28CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*\",\"matchCriteriaId\":\"AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443CB3FD-014D-4C37-BB02-03DAA5A3F3C1\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/58495\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38794\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38834\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39182\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/36552\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0528\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=522141\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1470.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/58495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=522141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1470.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GSD-2009-2904
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-2904",
"description": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.",
"id": "GSD-2009-2904",
"references": [
"https://www.suse.com/security/cve/CVE-2009-2904.html",
"https://access.redhat.com/errata/RHSA-2009:1470",
"https://linux.oracle.com/cve/CVE-2009-2904.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-2904"
],
"details": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.",
"id": "GSD-2009-2904",
"modified": "2023-12-13T01:19:46.862963Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"refsource": "MISC",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "http://secunia.com/advisories/38794",
"refsource": "MISC",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "http://secunia.com/advisories/38834",
"refsource": "MISC",
"url": "http://secunia.com/advisories/38834"
},
{
"name": "http://www.vupen.com/english/advisories/2010/0528",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "http://osvdb.org/58495",
"refsource": "MISC",
"url": "http://osvdb.org/58495"
},
{
"name": "http://secunia.com/advisories/39182",
"refsource": "MISC",
"url": "http://secunia.com/advisories/39182"
},
{
"name": "http://www.securityfocus.com/bid/36552",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"name": "https://rhn.redhat.com/errata/RHSA-2009-1470.html",
"refsource": "MISC",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=522141",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2904"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36552",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/36552"
},
{
"name": "RHSA-2009:1470",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=522141",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"name": "58495",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/58495"
},
{
"name": "39182",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/39182"
},
{
"name": "FEDORA-2010-5429",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"name": "38794",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "38834",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "oval:org.mitre.oval:def:9862",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-09-19T01:29Z",
"publishedDate": "2009-10-01T15:30Z"
}
}
}
FKIE_CVE-2009-2904
Vulnerability from fkie_nvd - Published: 2009-10-01 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | 4.3 | |
| openbsd | openssh | 4.8 | |
| fedoraproject | fedora | 11 | |
| redhat | enterprise_linux | 5 | |
| redhat | enterprise_linux_desktop | 5 | |
| redhat | enterprise_linux_eus | 5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
"matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
"matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*",
"matchCriteriaId": "443CB3FD-014D-4C37-BB02-03DAA5A3F3C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
},
{
"lang": "es",
"value": "Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a trav\u00e9s de enlaces fuertes en programas setuid que usa una configuraci\u00f3n de ficheros con el chroot directory, relacionado con requerimientos para el propietario."
}
],
"id": "CVE-2009-2904",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-01T15:30:00.233",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/58495"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/39182"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/58495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
RHSA-2009:1470
Vulnerability from csaf_redhat - Published: 2009-09-30 15:08 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: openssh security update
Notes
Topic
Updated openssh packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.
A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)
All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openssh packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSH is OpenBSD\u0027s SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA Red Hat specific patch used in the openssh packages as shipped in Red\nHat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership\nrequirements for directories used as arguments for the ChrootDirectory\nconfiguration options. A malicious user that also has or previously had\nnon-chroot shell access to a system could possibly use this flaw to\nescalate their privileges and run commands as any system user.\n(CVE-2009-2904)\n\nAll OpenSSH users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1470",
"url": "https://access.redhat.com/errata/RHSA-2009:1470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "522141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1470.json"
}
],
"title": "Red Hat Security Advisory: openssh security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:16+00:00",
"generator": {
"date": "2025-11-21T17:35:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2009:1470",
"initial_release_date": "2009-09-30T15:08:00+00:00",
"revision_history": [
{
"date": "2009-09-30T15:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-30T11:10:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.src",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.src",
"product_id": "openssh-0:4.3p2-36.el5_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.src"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.src"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2904",
"discovery_date": "2009-09-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522141"
}
],
"notes": [
{
"category": "description",
"text": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: possible privilege escalation when using ChrootDirectory setting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2904"
},
{
"category": "external",
"summary": "RHBZ#522141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2904"
}
],
"release_date": "2009-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-30T15:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: possible privilege escalation when using ChrootDirectory setting"
}
]
}
RHSA-2009_1470
Vulnerability from csaf_redhat - Published: 2009-09-30 15:08 - Updated: 2024-11-22 03:01Summary
Red Hat Security Advisory: openssh security update
Notes
Topic
Updated openssh packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.
A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)
All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openssh packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSH is OpenBSD\u0027s SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA Red Hat specific patch used in the openssh packages as shipped in Red\nHat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership\nrequirements for directories used as arguments for the ChrootDirectory\nconfiguration options. A malicious user that also has or previously had\nnon-chroot shell access to a system could possibly use this flaw to\nescalate their privileges and run commands as any system user.\n(CVE-2009-2904)\n\nAll OpenSSH users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1470",
"url": "https://access.redhat.com/errata/RHSA-2009:1470"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "522141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1470.json"
}
],
"title": "Red Hat Security Advisory: openssh security update",
"tracking": {
"current_release_date": "2024-11-22T03:01:22+00:00",
"generator": {
"date": "2024-11-22T03:01:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1470",
"initial_release_date": "2009-09-30T15:08:00+00:00",
"revision_history": [
{
"date": "2009-09-30T15:08:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-30T11:10:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:01:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.src",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.src",
"product_id": "openssh-0:4.3p2-36.el5_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-clients@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-askpass@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-debuginfo@4.3p2-36.el5_4.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product_id": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssh-server@4.3p2-36.el5_4.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.src"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.src"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.i386"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-0:4.3p2-36.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
},
"product_reference": "openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2904",
"discovery_date": "2009-09-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522141"
}
],
"notes": [
{
"category": "description",
"text": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: possible privilege escalation when using ChrootDirectory setting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2904"
},
{
"category": "external",
"summary": "RHBZ#522141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2904"
}
],
"release_date": "2009-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-30T15:08:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1470"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Client:openssh-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-0:4.3p2-36.el5_4.2.src",
"5Client:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Client:openssh-server-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-0:4.3p2-36.el5_4.2.src",
"5Server:openssh-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-askpass-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-clients-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-debuginfo-0:4.3p2-36.el5_4.2.x86_64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.i386",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ia64",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.ppc",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.s390x",
"5Server:openssh-server-0:4.3p2-36.el5_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: possible privilege escalation when using ChrootDirectory setting"
}
]
}
CERTA-2010-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.
Description
Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware vMA 4.0 sans le patch 3.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.0.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 2.5.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2009-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
},
{
"name": "CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"name": "CVE-2009-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
},
{
"name": "CVE-2009-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2009-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
},
{
"name": "CVE-2009-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2009-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2009-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
},
{
"name": "CVE-2009-3547",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
},
{
"name": "CVE-2009-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
},
{
"name": "CVE-2008-4316",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
},
{
"name": "CVE-2009-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
},
{
"name": "CVE-2008-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
},
{
"name": "CVE-2009-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
},
{
"name": "CVE-2009-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2009-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
},
{
"name": "CVE-2008-4552",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
},
{
"name": "CVE-2009-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
},
{
"name": "CVE-2009-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
},
{
"name": "CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"name": "CVE-2009-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
},
{
"name": "CVE-2009-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
},
{
"name": "CVE-2009-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
}
],
"links": [],
"reference": "CERTA-2010-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
}
]
}
CERTA-2010-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.
Description
Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware vMA 4.0 sans le patch 3.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.0.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 2.5.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2009-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
},
{
"name": "CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"name": "CVE-2009-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
},
{
"name": "CVE-2009-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2009-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
},
{
"name": "CVE-2009-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2009-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2009-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
},
{
"name": "CVE-2009-3547",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
},
{
"name": "CVE-2009-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
},
{
"name": "CVE-2008-4316",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
},
{
"name": "CVE-2009-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
},
{
"name": "CVE-2008-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
},
{
"name": "CVE-2009-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
},
{
"name": "CVE-2009-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2009-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
},
{
"name": "CVE-2008-4552",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
},
{
"name": "CVE-2009-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
},
{
"name": "CVE-2009-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
},
{
"name": "CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"name": "CVE-2009-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
},
{
"name": "CVE-2009-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
},
{
"name": "CVE-2009-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
}
],
"links": [],
"reference": "CERTA-2010-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
}
]
}
GHSA-73M8-JFRM-FR4J
Vulnerability from github – Published: 2022-05-02 03:39 – Updated: 2022-05-02 03:39
VLAI?
Details
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
{
"affected": [],
"aliases": [
"CVE-2009-2904"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-10-01T15:30:00Z",
"severity": "MODERATE"
},
"details": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.",
"id": "GHSA-73m8-jfrm-fr4j",
"modified": "2022-05-02T03:39:47Z",
"published": "2022-05-02T03:39:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2904"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/58495"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38794"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38834"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39182"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/36552"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…