 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.64992 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2009:1470 |
| Summary: | The remote host is missing updates announced in;advisory RHSA-2009:1470.;;OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These;packages include the core files necessary for both the OpenSSH client and;server.;;A Red Hat specific patch used in the openssh packages as shipped in Red;Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership;requirements for directories used as arguments for the ChrootDirectory;configuration options. A malicious user that also has or previously had;non-chroot shell access to a system could possibly use this flaw to;escalate their privileges and run commands as any system user.;(CVE-2009-2904);;All OpenSSH users are advised to upgrade to these updated packages, which;contain a backported patch to resolve this issue. After installing this;update, the OpenSSH server daemon (sshd) will be restarted automatically. |
| Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1470. OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904) All OpenSSH users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2904 36552 http://www.securityfocus.com/bid/36552 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 39182 http://secunia.com/advisories/39182 58495 http://osvdb.org/58495 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 FEDORA-2010-5429 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html RHSA-2009:1470 https://rhn.redhat.com/errata/RHSA-2009-1470.html [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://bugzilla.redhat.com/show_bug.cgi?id=522141 oval:org.mitre.oval:def:9862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |