
CVE-2009-2904
Date: (C)2009-10-01   (M)2023-12-22


A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-36552
SECUNIA-38794
SECUNIA-38834
SECUNIA-39182
OSVDB-58495
ADV-2010-0528
FEDORA-2010-5429
RHSA-2009:1470
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://bugzilla.redhat.com/show_bug.cgi?id=522141
oval:org.mitre.oval:def:9862

CPE    4
cpe:/o:redhat:enterprise_linux:5::server
cpe:/a:openbsd:openssh:4.3
cpe:/o:fedoraproject:fedora:11
cpe:/a:openbsd:openssh:4.8
...
CWE    1
CWE-16
OVAL    4
oval:org.secpod.oval:def:500680
oval:org.secpod.oval:def:201968
oval:org.secpod.oval:def:202054
oval:org.secpod.oval:def:103268
...

© SecPod Technologies