Ubuntu Security Notice 649-1 - It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04.
c964c07870f7af3b9ad974c87e9b51877c820a10df4f8dbc6334735252aab0ca
Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions, enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify ~/.ssh/rc.
84e9dfc8aed7759a50f77add5c93f3cf1bd57556eacec2e7409d16bc4092ac4b
Gentoo Linux Security Advisory GLSA 200804-03 - Two flaws have been discovered in OpenSSH which could allow local attackers to escalate their privileges. Versions less than 4.7_p1-r6 are affected.
97c202923fdfaedaac16a4cee275be6a9cbeeaeed47e2d061d7ebc9e1021f944