CVE-2008-4109

Related Files

Ubuntu Security Notice 649-1

Posted Oct 2, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 649-1 - It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability

systems | linux, ubuntu

advisories | CVE-2008-1657, CVE-2008-4109

SHA-256 | c964c07870f7af3b9ad974c87e9b51877c820a10df4f8dbc6334735252aab0ca

Download | Favorite | View

Debian Linux Security Advisory 1638-1

Posted Sep 16, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1638-1 - It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2008-4109

SHA-256 | 3dcd1c93684523b379aae5ed130ab55e469f477cb01b57983baa4faa0beb27f7

Download | Favorite | View