The MITRE CVE dictionary describes this issue as:
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Find out more about CVE-2008-1657 from the
MITRE CVE dictionary dictionary and
Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.