Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2008-1657
Last Modified 08 Aug 2014 04:43:03
Published 02 Apr 2008 02:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1657

Summary

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Vulnerable Systems

Application

  • Openbsd 4.2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.5

  • Openbsd Openssh 4.6

  • Openbsd Openssh 4.7

  • Openbsd Openssh 4.8

  • Openssh 4.4

  • Openssh 4.5

  • Openssh 4.6

  • Openssh 4.7

  • Openssh 4.8


References

CERT - TA08-260A

BID - 28531

OPENBSD - [4.3] 001: SECURITY FIX: March 30, 2008

CONFIRM - https://issues.rpath.com/browse/RPL-2419

XF - openssh-forcecommand-command-execution(41549)

VUPEN - ADV-2008-2584

VUPEN - ADV-2008-2396

VUPEN - ADV-2008-1624

VUPEN - ADV-2008-1035

UBUNTU - USN-649-1

SECTRACK - 1019733

BUGTRAQ - 20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server

CONFIRM - http://www.openssh.com/txt/release-4.9

MANDRIVA - MDVSA-2008:098

GENTOO - GLSA-200804-03

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139

CONFIRM - http://support.attachmate.com/techdocs/2374.html

SECUNIA - 32110

SECUNIA - 32080

SECUNIA - 31882

SECUNIA - 31531

SECUNIA - 30361

SECUNIA - 29939

SECUNIA - 29735

SECUNIA - 29693

SECUNIA - 29683

SECUNIA - 29609

SECUNIA - 29602

SUSE - SUSE-SR:2008:009

APPLE - APPLE-SA-2008-09-15

MISC - http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

NETBSD - NetBSD-SA2008-005

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:50:04