Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc.
84e9dfc8aed7759a50f77add5c93f3cf1bd57556eacec2e7409d16bc4092ac4b