CVE-2008-1657

Published: 2 April 2008

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Priority

Status

Package	Release	Status
openssh Launchpad, Ubuntu, Debian	upstream	Released (1:4.7p1-8)
	dapper	Not vulnerable (code not present)
	edgy	Not vulnerable (code not present)
	feisty	Not vulnerable (code not present)
	gutsy	Released (1:4.6p1-5ubuntu0.6)
	hardy	Released (1:4.7p1-8ubuntu1)
	Patches: vendor: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
https://ubuntu.com/security/notices/USN-649-1
NVD
Launchpad
Debian

Bugs

https://launchpad.net/bugs/227322

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›