CVE-2009-2904

N/A Unknown
Published: October 01, 2009 Modified: April 23, 2026
View on NVD

Description

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
Source: secalert@redhat.com
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: secalert@redhat.com
http://osvdb.org/58495
Source: secalert@redhat.com
http://secunia.com/advisories/38794
Source: secalert@redhat.com
http://secunia.com/advisories/38834
Source: secalert@redhat.com
http://secunia.com/advisories/39182
Source: secalert@redhat.com
http://www.securityfocus.com/bid/36552
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2010/0528
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=522141
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
Source: secalert@redhat.com
https://rhn.redhat.com/errata/RHSA-2009-1470.html
Source: secalert@redhat.com
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/58495
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/38794
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/38834
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/39182
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/36552
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2010/0528
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=522141
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
Source: af854a3a-2127-422b-91ae-364da2661108
https://rhn.redhat.com/errata/RHSA-2009-1470.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

22 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.0%
12th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-16

Affected Vendors

redhat fedoraproject openbsd

Related CVEs

CVE-2026-7073 7.3
CVE-2026-7072 7.3
CVE-2026-7071 5.3
CVE-2026-7070 7.3
CVE-2026-7069 8.0