CVE Vulnerabilities

CVE-2008-1657

Published: Apr 02, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Affected Software

Name Vendor Start Version End Version
Openssh Openbsd 4.4 4.4
Openssh Openbsd 4.4p1 4.4p1
Openssh Openbsd 4.5 4.5
Openssh Openbsd 4.6 4.6
Openssh Openbsd 4.7 4.7
Openssh Openbsd 4.8 4.8
Openssh Ubuntu devel *
Openssh Ubuntu gutsy *
Openssh Ubuntu hardy *
Openssh Ubuntu upstream *

References