Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2009:1470
HistorySep 30, 2009 - 12:00 a.m.

(RHSA-2009:1470) Moderate: openssh security update

2009-09-3000:00:00
access.redhat.com
25

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.7%

JSON

OpenSSH is OpenBSD’s SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64openssh< 4.3p2-36.el5_4.2openssh-4.3p2-36.el5_4.2.ia64.rpm
RedHat5srcopenssh< 4.3p2-36.el5_4.2openssh-4.3p2-36.el5_4.2.src.rpm
RedHat5ia64openssh-server< 4.3p2-36.el5_4.2openssh-server-4.3p2-36.el5_4.2.ia64.rpm
RedHat5s390xopenssh-askpass< 4.3p2-36.el5_4.2openssh-askpass-4.3p2-36.el5_4.2.s390x.rpm
RedHat5s390xopenssh< 4.3p2-36.el5_4.2openssh-4.3p2-36.el5_4.2.s390x.rpm
RedHat5x86_64openssh-clients< 4.3p2-36.el5_4.2openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm
RedHat5i386openssh-server< 4.3p2-36.el5_4.2openssh-server-4.3p2-36.el5_4.2.i386.rpm
RedHat5ia64openssh-clients< 4.3p2-36.el5_4.2openssh-clients-4.3p2-36.el5_4.2.ia64.rpm
RedHat5ppcopenssh-server< 4.3p2-36.el5_4.2openssh-server-4.3p2-36.el5_4.2.ppc.rpm
RedHat5s390xopenssh-clients< 4.3p2-36.el5_4.2openssh-clients-4.3p2-36.el5_4.2.s390x.rpm
Rows per page:
1-10 of 211

Related

nessus 9
fedora 1
openvas 9
f5 2
cve 1
veracode 1
prion 1
debiancve 1
oraclelinux 1
ubuntucve 1
centos 1
vmware 2
nessus
nessus
Scientific Linux Security Update : openssh on SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 5 : openssh (ELSA-2009-1470)
2013-07-12 00:00:00
F5 Networks BIG-IP : OpenSSH vulnerability (SOL15156)
2014-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: openssh-5.2p1-6.fc11
2010-03-30 02:17:47
openvas
openvas
CentOS Update for openssh CESA-2009:1470 centos5 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:1470
2009-10-06 00:00:00
CentOS Update for openssh CESA-2009:1470 centos5 i386
2011-08-09 00:00:00
f5
f5
K15156 : OpenSSH vulnerability CVE-2009-2904
2014-04-24 00:00:00
SOL15156 - OpenSSH vulnerability CVE-2009-2904
2014-04-10 00:00:00
cve
cve
CVE-2009-2904
2009-10-01 15:30:00
veracode
veracode
Privilege Escalation
2020-04-10 00:37:23
prion
prion
Design/Logic Flaw
2009-10-01 15:30:00
debiancve
debiancve
CVE-2009-2904
2009-10-01 15:30:00
oraclelinux
oraclelinux
openssh security update
2009-09-30 00:00:00
ubuntucve
ubuntucve
CVE-2009-2904
2009-10-01 00:00:00
centos
centos
openssh security update
2009-10-30 14:43:57
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for RHSA-2009:1470
nessus9fedora1openvas9f52cve1veracode1prion1debiancve1oraclelinux1ubuntucve1centos1vmware2