CVE-2008-1657 at MITRE
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| ||National Vulnerability Database
|Base Score ||6.5
|Access Vector ||Network
|Access Complexity ||Low
|Confidentiality Impact ||Partial
|Integrity Impact ||Partial
|Availability Impact ||Partial
Note from the SUSE Security Team
SUSE Linux Enterprise 10 SP 3 and earlier included versions up to openssh 4.2p1, which are not affected by this problem. SUSE Linux Enterprise 10 SP4 and later versions include versions of openssh 5.1p1 and later, which are no longer affected by this problem. As we had no shipping openssh on SUSE Linux Enterprise in the affected range of 4.4 up to 4.9, we did not need to release updates. Updates for openSUSE 10.2 and 10.3 have been released.
SUSE Bugzilla entry: 376668
[RESOLVED / FIXED]
SUSE Security Advisories: