OSVDB ID: 58495

Title: OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation

Info

Disclosure

Sep 30, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenSSH contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the ChrootDirectory feature during the handling of hard links to setuid programs that utilize configuration files in the chroot directory. This may allow a local attacker to gain escalated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

It has been reported that this issue has been fixed. Upgrade to version 5.2p1-6.fc11, or higher, to address this vulnerability.

Products

OpenBSD	OpenSSH	4.8
		4.3

References

CVE ID: 2009-2904 (see also: NVD)
Bugtraq ID: 36552
Secunia Advisory ID: 36866 38794 38834 39182
Vendor Specific News/Changelog Entry: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://bugzilla.redhat.com/show_bug.cgi?id=522141
Vendor URL: http://www.openssh.org/
RedHat RHSA: RHSA-2009:1470

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/58495

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

OpenBSD

OpenSSH

References

Credit