CVE-2008-1657
published 2008-04-02CVE-2008-1657: OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
PriorityP427medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
2.22%
80.5th percentile
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:4.7p1-8 (bookworm) | openssh 1:4.7p1-8 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
CVSS provenance
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
osv6.5MEDIUM
vendor_debian6.5LOW
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4fmw-7mgw-xgw8: OpenSSH 4
ghsa_unreviewed·2022-05-03
CVE-2008-1657 [MEDIUM] GHSA-4fmw-7mgw-xgw8: OpenSSH 4
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
OSV
CVE-2008-1657: OpenSSH 4
osv·2008-04-02·CVSS 6.5
CVE-2008-1657 [MEDIUM] CVE-2008-1657: OpenSSH 4
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2008-10-01·CVSS 6.5
CVE-2008-1657 [MEDIUM] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: OpenSSH vulnerabilities
It was discovered that the ForceCommand directive could be bypassed.
If a local user created a malicious ~/.ssh/rc file, they could execute
arbitrary commands as their user id. This only affected Ubuntu 7.10.
(CVE-2008-1657)
USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the
fixes for this issue were incomplete. A remote attacker could attempt
multiple logins, filling all available connection slots, leading to a
denial of service. This only affected Ubuntu 6.06 and 7.04.
(CVE-2008-4109)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
openssh: commands in ~/.ssh/rc override ForceCommand directive
vendor_redhat·2008-03-31·CVSS 6.5
CVE-2008-1657 [MEDIUM] openssh: commands in ~/.ssh/rc override ForceCommand directive
openssh: commands in ~/.ssh/rc override ForceCommand directive
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Statement: Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Debian
CVE-2008-1657: openssh - OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypas...
vendor_debian·2008·CVSS 6.5
CVE-2008-1657 [MEDIUM] CVE-2008-1657: openssh - OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypas...
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Scope: local
bookworm: resolved (fixed in 1:4.7p1-8)
bullseye: resolved (fixed in 1:4.7p1-8)
forky: resolved (fixed in 1:4.7p1-8)
sid: resolved (fixed in 1:4.7p1-8)
trixie: resolved (fixed in 1:4.7p1-8)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive
bugzilla·2008-04-02·CVSS 6.5
CVE-2008-1657 [MEDIUM] CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive
CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive
OpenSSH version 4.9 fixed an issue that allowed local users with write access to
their ~/.ssh/rc file to override administratively set ForceCommand, possibly
bypassing intended security restrictions.
References:
http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2
http://secunia.com/advisories/29602/
http://openbsd.org/errata43.html#001_openssh
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
Discussion:
Affects only F7, F8 & Rawhide.
---
Tomas is obviously right. ForceCommand directive was introduced in OpenSSH
version 4.4 (http://openssh.org/txt/release-4.4):
Changes since OpenSSH 4.3:
[...]
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." op
Bugzilla
CVE-2007-4752 CVE-2008-1657 openssh multiple issues [Fedora 7]
bugzilla·2007-09-06·CVSS 7.5
CVE-2007-4752 [HIGH] CVE-2007-4752 CVE-2008-1657 openssh multiple issues [Fedora 7]
CVE-2007-4752 CVE-2008-1657 openssh multiple issues [Fedora 7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Ping on this.
---
Added blocks for CVE-2008-1657.
You may use following link to create update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type=security&release=Fedora%207&bugs=280461,280361,440268
---
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.aschttp://aix.software.ibm.com/aix/efixes/security/ssh_advisory.aschttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.htmlhttp://secunia.com/advisories/29602http://secunia.com/advisories/29609http://secunia.com/advisories/29683http://secunia.com/advisories/29693http://secunia.com/advisories/29735http://secunia.com/advisories/29939http://secunia.com/advisories/30361http://secunia.com/advisories/31531http://secunia.com/advisories/31882http://secunia.com/advisories/32080http://secunia.com/advisories/32110http://support.attachmate.com/techdocs/2374.htmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139http://www.gentoo.org/security/en/glsa/glsa-200804-03.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:098http://www.openbsd.org/errata43.html#001_opensshhttp://www.openssh.com/txt/release-4.9http://www.securityfocus.com/archive/1/490488/100/0/threadedhttp://www.securityfocus.com/bid/28531http://www.securitytracker.com/id?1019733http://www.ubuntu.com/usn/usn-649-1http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/1035/referenceshttp://www.vupen.com/english/advisories/2008/1624/referenceshttp://www.vupen.com/english/advisories/2008/2396http://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41549https://issues.rpath.com/browse/RPL-2419ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.aschttp://aix.software.ibm.com/aix/efixes/security/ssh_advisory.aschttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.htmlhttp://secunia.com/advisories/29602http://secunia.com/advisories/29609http://secunia.com/advisories/29683http://secunia.com/advisories/29693http://secunia.com/advisories/29735http://secunia.com/advisories/29939http://secunia.com/advisories/30361http://secunia.com/advisories/31531http://secunia.com/advisories/31882http://secunia.com/advisories/32080http://secunia.com/advisories/32110http://support.attachmate.com/techdocs/2374.htmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139http://www.gentoo.org/security/en/glsa/glsa-200804-03.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:098http://www.openbsd.org/errata43.html#001_opensshhttp://www.openssh.com/txt/release-4.9http://www.securityfocus.com/archive/1/490488/100/0/threadedhttp://www.securityfocus.com/bid/28531http://www.securitytracker.com/id?1019733http://www.ubuntu.com/usn/usn-649-1http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/1035/referenceshttp://www.vupen.com/english/advisories/2008/1624/referenceshttp://www.vupen.com/english/advisories/2008/2396http://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41549https://issues.rpath.com/browse/RPL-2419
2008-04-02
Published