Is OpenSSH shipped with RHEL affected by CVE-2008-1657 ?

Solution Verified - Updated -

Issue

  • Is OpenSSH shipped with Red Hat Enterprise Linux affected by CVE-2008-1657 ?

Vulnerability Name: (CVE-2008-1657)OpenSSH ForceCommand Command Execution Weaknes.

Description: OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

Environment

  • Red Hat Enterprise Linux
  • OpenSSH

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In