Description
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
Note from the SUSE Security Team
SUSE Linux Enterprise 10 SP 3 and earlier included versions up to openssh 4.2p1, which are not affected by this problem. SUSE Linux Enterprise 10 SP4 and later versions include versions of openssh 5.1p1 and later, which are no longer affected by this problem. As we had no shipping openssh on SUSE Linux Enterprise in the affected range of 4.4 up to 4.9, we did not need to release updates. Updates for openSUSE 10.2 and 10.3 have been released.
SUSE Bugzilla entry: 376668 [RESOLVED / FIXED]
SUSE Security Advisories:
- SUSE-SR:2008:009, published Fri, 11 Apr 2008 15:00:00 +0000
- TID7022102, published Sat Mar 3 09:45:41 UTC 2018
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 03:39:22 2013
CVE page last modified: Fri Oct 7 12:45:40 2022