CVE Database


Impact: Low
Public: 2008-03-31
Bugzilla: 440268: CVE-2008-1657 openssh: commands in ~/.ssh/rc override ForceCommand directive


The MITRE CVE dictionary describes this issue as:

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Find out more about CVE-2008-1657 from the MITRE CVE dictionary and NIST NVD.


Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Red Hat security errata

Platform Errata Release Date

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.