{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28531", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28531"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.attachmate.com/techdocs/2374.html"}, {"name": "USN-649-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-649-1"}, {"name": "32110", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32110"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2419"}, {"name": "APPLE-SA-2008-09-15", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"name": "29609", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29609"}, {"name": "31531", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31531"}, {"name": "[4.3] 001: SECURITY FIX: March 30, 2008", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata43.html#001_openssh"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"}, {"name": "TA08-260A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssh.com/txt/release-4.9"}, {"name": "1019733", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019733"}, {"name": "ADV-2008-1624", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1624/references"}, {"name": "ADV-2008-2584", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"name": "29735", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29735"}, {"name": "29683", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29683"}, {"name": "30361", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30361"}, {"name": "31882", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31882"}, {"name": "SUSE-SR:2008:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"}, {"name": "32080", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32080"}, {"name": "ADV-2008-2396", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2396"}, {"name": "29939", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29939"}, {"name": "ADV-2008-1035", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1035/references"}, {"name": "29602", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29602"}, {"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"}, {"name": "NetBSD-SA2008-005", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"}, {"name": "29693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29693"}, {"name": "MDVSA-2008:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"}, {"name": "GLSA-200804-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"}, {"name": "openssh-forcecommand-command-execution(41549)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1657", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28531", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28531"}, {"name": "http://support.attachmate.com/techdocs/2374.html", "refsource": "CONFIRM", "url": "http://support.attachmate.com/techdocs/2374.html"}, {"name": "USN-649-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-649-1"}, {"name": "32110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32110"}, {"name": "https://issues.rpath.com/browse/RPL-2419", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2419"}, {"name": "APPLE-SA-2008-09-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"name": "29609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29609"}, {"name": "31531", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31531"}, {"name": "[4.3] 001: SECURITY FIX: March 30, 2008", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata43.html#001_openssh"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"}, {"name": "TA08-260A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"name": "http://www.openssh.com/txt/release-4.9", "refsource": "CONFIRM", "url": "http://www.openssh.com/txt/release-4.9"}, {"name": "1019733", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019733"}, {"name": "ADV-2008-1624", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1624/references"}, {"name": "ADV-2008-2584", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"name": "29735", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29735"}, {"name": "29683", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29683"}, {"name": "30361", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30361"}, {"name": "31882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31882"}, {"name": "SUSE-SR:2008:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"}, {"name": "32080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32080"}, {"name": "ADV-2008-2396", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2396"}, {"name": "29939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29939"}, {"name": "ADV-2008-1035", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1035/references"}, {"name": "29602", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29602"}, {"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"}, {"name": "NetBSD-SA2008-005", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"}, {"name": "29693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29693"}, {"name": "MDVSA-2008:098", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"}, {"name": "GLSA-200804-03", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"}, {"name": "openssh-forcecommand-command-execution(41549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.162Z"}, "title": "CVE Program Container", "references": [{"name": "28531", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28531"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.attachmate.com/techdocs/2374.html"}, {"name": "USN-649-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-649-1"}, {"name": "32110", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32110"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-2419"}, {"name": "APPLE-SA-2008-09-15", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"name": "29609", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29609"}, {"name": "31531", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31531"}, {"name": "[4.3] 001: SECURITY FIX: March 30, 2008", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata43.html#001_openssh"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"}, {"name": "TA08-260A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssh.com/txt/release-4.9"}, {"name": "1019733", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019733"}, {"name": "ADV-2008-1624", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1624/references"}, {"name": "ADV-2008-2584", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"name": "29735", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29735"}, {"name": "29683", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29683"}, {"name": "30361", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30361"}, {"name": "31882", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31882"}, {"name": "SUSE-SR:2008:009", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"}, {"name": "32080", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32080"}, {"name": "ADV-2008-2396", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2396"}, {"name": "29939", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29939"}, {"name": "ADV-2008-1035", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1035/references"}, {"name": "29602", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29602"}, {"name": "20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"}, {"name": "NetBSD-SA2008-005", "tags": ["vendor-advisory", "x_refsource_NETBSD", "x_transferred"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"}, {"name": "29693", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29693"}, {"name": "MDVSA-2008:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"}, {"name": "GLSA-200804-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"}, {"name": "openssh-forcecommand-command-execution(41549)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1657", "datePublished": "2008-04-02T18:00:00", "dateReserved": "2008-04-02T00:00:00", "dateUpdated": "2024-08-07T08:32:01.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."}, {"lang": "es", "value": "OpenSSH versi\u00f3n 4.4 anterior a 4.9, permite a los usuarios autenticados remotos omitir la directiva ForceCommand de sshd_config mediante la modificaci\u00f3n del archivo de sesi\u00f3n .ssh/rc."}], "id": "CVE-2008-1657", "lastModified": "2024-11-21T00:45:01.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-02T18:44:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"}, {"source": "cve@mitre.org", "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29602"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29609"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29683"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29693"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29735"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29939"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30361"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31531"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31882"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32080"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32110"}, {"source": "cve@mitre.org", "url": "http://support.attachmate.com/techdocs/2374.html"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openbsd.org/errata43.html#001_openssh"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/release-4.9"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28531"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019733"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-649-1"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1035/references"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1624/references"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2396"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-2419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29683"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29735"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.attachmate.com/techdocs/2374.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openbsd.org/errata43.html#001_openssh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.openssh.com/txt/release-4.9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490488/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-649-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1035/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1624/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2419"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2008-04-03T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openssh: commands in ~/.ssh/rc override ForceCommand directive", "id": "440268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=440268"}, "csaw": false, "details": ["OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file."], "name": "CVE-2008-1657", "public_date": "2008-03-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-1657\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1657"], "statement": "Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "threat_severity": "Low"}