FKIE_CVE-2009-2904

Vulnerability from fkie_nvd - Published: 2009-10-01 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
secalert@redhat.comhttp://lists.vmware.com/pipermail/security-announce/2010/000082.html
secalert@redhat.comhttp://osvdb.org/58495
secalert@redhat.comhttp://secunia.com/advisories/38794
secalert@redhat.comhttp://secunia.com/advisories/38834
secalert@redhat.comhttp://secunia.com/advisories/39182
secalert@redhat.comhttp://www.securityfocus.com/bid/36552
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/0528
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=522141
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1470.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2010/000082.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/58495
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38794
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38834
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39182
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36552
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0528
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=522141
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1470.htmlVendor Advisory
Impacted products
Vendor Product Version
openbsd openssh 4.3
openbsd openssh 4.8
fedoraproject fedora 11
redhat enterprise_linux 5
redhat enterprise_linux_desktop 5
redhat enterprise_linux_eus 5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
              "matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
              "matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "443CB3FD-014D-4C37-BB02-03DAA5A3F3C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership."
    },
    {
      "lang": "es",
      "value": "Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, permite a usuarios locales obtener privilegios a trav\u00e9s de enlaces fuertes en programas setuid que usa una configuraci\u00f3n de ficheros con el chroot directory, relacionado con requerimientos para el propietario."
    }
  ],
  "id": "CVE-2009-2904",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-01T15:30:00.233",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/58495"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39182"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/36552"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1470.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.