Home > Vulnerability Database > CVE-2009-2904

Mend.io Vulnerability Database

CVE-2009-2904

Date: October 1, 2009

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

Severity Score

7.4

Related Resources (14)

Url: http://secunia.com/advisories/38834

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=522141

Url: https://access.redhat.com/security/cve/CVE-2009-2904

Url: http://www.vupen.com/english/advisories/2010/0528

Url: http://secunia.com/advisories/38794

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-2904

Url: http://osvdb.org/58495

Url: http://secunia.com/advisories/39182

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862

Url: http://www.securityfocus.com/bid/36552

Url: http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Url: https://rhn.redhat.com/errata/RHSA-2009-1470.html

Url: https://www.mend.io/vulnerability-database/CVE-2009-2904

Severity Score

7.4

Weakness Type (CWE)

Configuration

CWE-16

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-2904

Date: October 1, 2009

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?