Title: OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
Sep 30, 2009
OpenSSH contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the ChrootDirectory feature during the handling of hard links to setuid programs that utilize configuration files in the chroot directory. This may allow a local attacker to gain escalated privileges.
Local Access Required
Loss of Integrity
Patch / RCS
It has been reported that this issue has been fixed. Upgrade to version 5.2p1-6.fc11, or higher, to address this vulnerability.