CVE-2008-1657
published 2008-04-02

CVE-2008-1657: OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Priority: P427, medium, 6.5, CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 2.22% (80.5th percentile)

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:4.7p1-8 (bookworm) | openssh 1:4.7p1-8 (bookworm) |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |
| openbsd | openssh | >= 0 < 1:4.7p1-8 | 1:4.7p1-8 |

CVSS provenance

nvd: v2.0, 6.5, MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
osv: 6.5, MEDIUM
vendor_debian: 6.5, LOW
vendor_redhat: 6.5, MEDIUM
vendor_ubuntu: 6.5, MEDIUM