Metric | Value |
---|---|
CVSS2 score | 6.9 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS percentile | 5.7% |

OpenSSH is OpenBSD’s SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

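
An added example, not part of the advisory or of Red Hat's patch: a POSIX shell check that a directory intended for ChrootDirectory meets the rule documented in upstream sshd_config(5), where every component of the path is a root-owned directory not writable by group or others. The function names and the optional owner-UID and base-directory arguments are assumptions introduced here.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the rule in upstream
# sshd_config(5): each path component is a directory owned by root and not
# writable by group or others. Names and extra arguments are hypothetical.

# check_dir DIR UID: 0 if DIR is a directory owned by UID without g/o write.
check_dir() {
    dir=$1 want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    # ls -n prints the numeric owner; -L follows symlinks as stat(2) does.
    read -r mode _links owner _rest <<EOF
$(ls -ldnL "$dir")
EOF
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want_uid"; return 1
    fi
    # Mode string positions: 6 is group write, 9 is other write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $dir: mode $mode is group- or world-writable"; return 1 ;;
    esac
    echo "ok   $dir ($mode uid=$owner)"
}

# audit_path PATH [UID] [BASE]: check PATH and every parent up to BASE.
# UID defaults to 0 (root) and BASE to /; both exist only so the walk can be
# exercised on a scratch tree without root.
audit_path() {
    p=$1 uid=${2:-0} base=${3:-/} rc=0
    case $p in /*) ;; *) echo "FAIL $p: not an absolute path"; return 2 ;; esac
    while :; do
        check_dir "$p" "$uid" || rc=1
        if [ "$p" = "$base" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh audit.sh /path/from/ChrootDirectory
if [ $# -gt 0 ]; then audit_path "$@"; fi
```

Pass the expanded path, with any `%h` or `%u` tokens from the ChrootDirectory value already substituted; a non-zero exit status means at least one component failed.
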
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ia64 | openssh | < 4.3p2-36.el5_4.2 | openssh-4.3p2-36.el5_4.2.ia64.rpm |
RedHat | 5 | src | openssh | < 4.3p2-36.el5_4.2 | openssh-4.3p2-36.el5_4.2.src.rpm |
RedHat | 5 | ia64 | openssh-server | < 4.3p2-36.el5_4.2 | openssh-server-4.3p2-36.el5_4.2.ia64.rpm |
RedHat | 5 | s390x | openssh-askpass | < 4.3p2-36.el5_4.2 | openssh-askpass-4.3p2-36.el5_4.2.s390x.rpm |
RedHat | 5 | s390x | openssh | < 4.3p2-36.el5_4.2 | openssh-4.3p2-36.el5_4.2.s390x.rpm |
RedHat | 5 | x86_64 | openssh-clients | < 4.3p2-36.el5_4.2 | openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm |
RedHat | 5 | i386 | openssh-server | < 4.3p2-36.el5_4.2 | openssh-server-4.3p2-36.el5_4.2.i386.rpm |
RedHat | 5 | ia64 | openssh-clients | < 4.3p2-36.el5_4.2 | openssh-clients-4.3p2-36.el5_4.2.ia64.rpm |
RedHat | 5 | ppc | openssh-server | < 4.3p2-36.el5_4.2 | openssh-server-4.3p2-36.el5_4.2.ppc.rpm |
RedHat | 5 | s390x | openssh-clients | < 4.3p2-36.el5_4.2 | openssh-clients-4.3p2-36.el5_4.2.s390x.rpm |