CVE-2008-1657 OpenSSH vulnerability

CWE-264 | 9 documents | 8 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 35.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 2
Latest update: May 3

Description

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: openbsd/openssh < 1:4.7p1-8 (+3)
NVD: openbsd/openssh, 6 versions (+5)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-4fmw-7mgw-xgw8: OpenSSH 4 (2022-05-03)
CVEList: CVE-2008-1657: OpenSSH 4 (2008-04-02)
OSV: CVE-2008-1657: OpenSSH 4 (2008-04-02)

📋 Vendor Advisories (3)

Ubuntu: OpenSSH vulnerabilities (2008-10-01)
Red Hat: openssh: commands in ~/.ssh/rc override ForceCommand directive (2008-03-31)
Debian: CVE-2008-1657: openssh - OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypas... (2008)

💬 Community (2)

Bugzilla: CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive (2008-04-02)
Bugzilla: CVE-2007-4752 CVE-2008-1657 openssh multiple issues [Fedora 7] (2007-09-06)