CVE-2008-1657

Severity

65%

Complexity

80%

Confidentiality

106%

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

OpenBSD OpenSSH

First reported 16 years ago

2008-04-02 18:44:00

Last updated 6 years ago

2018-10-11 20:35:00

Affected Software

OpenBSD OpenSSH 4.4

4.4

OpenBSD OpenSSH Portable 4.4.p1

4.4p1

OpenBSD OpenSSH 4.5

4.5

OpenBSD OpenSSH 4.6

4.6

OpenBSD OpenSSH 4.7

4.7

OpenBSD OpenSSH 4.8

4.8

References

NetBSD-SA2008-005

http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

APPLE-SA-2008-09-15

SUSE-SR:2008:009

29602

Vendor Advisory

29609

Vendor Advisory

29683

Vendor Advisory

29693

Vendor Advisory

29735

Vendor Advisory

29939

Vendor Advisory

30361

Vendor Advisory

31531

Vendor Advisory

31882

Vendor Advisory

32080

Vendor Advisory

32110

Vendor Advisory

http://support.attachmate.com/techdocs/2374.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139

GLSA-200804-03

MDVSA-2008:098

[4.3] 001: SECURITY FIX: March 30, 2008

Patch

http://www.openssh.com/txt/release-4.9

Vendor Advisory

20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server

28531

Patch

1019733

USN-649-1

TA08-260A

US Government Resource

ADV-2008-1035

Vendor Advisory

ADV-2008-1624

Vendor Advisory

ADV-2008-2396

Vendor Advisory

ADV-2008-2584

Vendor Advisory

openssh-forcecommand-command-execution(41549)

https://issues.rpath.com/browse/RPL-2419

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.