Oval Definition: oval:com.redhat.rhsa:def:20091470
Revision Date: 2009-09-30
Version: 637
Title: RHSA-2009:1470: openssh security update (Moderate)
Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

  • A Red Hat-specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user who also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904)

    All OpenSSH users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2009-2904
    RHSA-2009:1470
    RHSA-2009:1470-01
    Platform(s): Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • openssh is earlier than 0:4.3p2-36.el5_4.2
  • AND openssh is signed with Red Hat redhatrelease2 key
  • openssh-askpass is earlier than 0:4.3p2-36.el5_4.2
  • AND openssh-askpass is signed with Red Hat redhatrelease2 key
  • openssh-clients is earlier than 0:4.3p2-36.el5_4.2
  • AND openssh-clients is signed with Red Hat redhatrelease2 key
  • openssh-server is earlier than 0:4.3p2-36.el5_4.2
  • AND openssh-server is signed with Red Hat redhatrelease2 key