CVE-2009-2904

Name of the Vulnerable Software and Affected Versions OpenSSH version 4.3p2 OpenSSH versions 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11

Description The issue allows for the exploitation of a vulnerability in OpenSSH, potentially leading to a breach of confidentiality, integrity, and availability of protected information. This can be exploited remotely. A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory.

Recommendations For OpenSSH version 4.3p2, update to a newer version to mitigate the risk. For OpenSSH versions 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, consider restricting access to the ChrootDirectory feature until a patch is available. As a temporary workaround, consider disabling the setuid programs that use configuration files within the chroot directory to minimize the risk of exploitation.