|Bugzilla:||440268: CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive|
The MITRE CVE dictionary describes this issue as:
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat security errata
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.