CVE-2008-1657

Impact:
Low
Public Date:
2008-03-31
Bugzilla:
440268: CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive

The MITRE CVE dictionary describes this issue as:

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Find out more about CVE-2008-1657 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.