CVE-2008-1657

Gentoo Linux Security Advisory 200804-3

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

OpenSSH versión 4.4 anterior a 4.9, permite a los usuarios autenticados remotos omitir la directiva ForceCommand de sshd_config mediante la modificación del archivo de sesión .ssh/rc.

It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-04-02 CVE Reserved
2008-04-02 CVE Published
2024-08-07 CVE Updated
2026-03-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (32)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc	X_refsource_confirm
http://support.attachmate.com/techdocs/2374.html	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139	X_refsource_confirm
http://www.securityfocus.com/archive/1/490488/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1019733	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-260A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41549	Vdb Entry
https://issues.rpath.com/browse/RPL-2419	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://www.openbsd.org/errata43.html#001_openssh	2018-10-11
http://www.securityfocus.com/bid/28531	2018-10-11

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc	2018-10-11
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html	2018-10-11
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html	2018-10-11
http://secunia.com/advisories/29602	2018-10-11
http://secunia.com/advisories/29609	2018-10-11
http://secunia.com/advisories/29683	2018-10-11
http://secunia.com/advisories/29693	2018-10-11
http://secunia.com/advisories/29735	2018-10-11
http://secunia.com/advisories/29939	2018-10-11
http://secunia.com/advisories/30361	2018-10-11
http://secunia.com/advisories/31531	2018-10-11
http://secunia.com/advisories/31882	2018-10-11
http://secunia.com/advisories/32080	2018-10-11
http://secunia.com/advisories/32110	2018-10-11
http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml	2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2008:098	2018-10-11
http://www.openssh.com/txt/release-4.9	2018-10-11
http://www.ubuntu.com/usn/usn-649-1	2018-10-11
http://www.vupen.com/english/advisories/2008/1035/references	2018-10-11
http://www.vupen.com/english/advisories/2008/1624/references	2018-10-11
http://www.vupen.com/english/advisories/2008/2396	2018-10-11
http://www.vupen.com/english/advisories/2008/2584	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4 Search vendor "Openbsd" for product "Openssh" and version "4.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.4p1 Search vendor "Openbsd" for product "Openssh" and version "4.4p1"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.5 Search vendor "Openbsd" for product "Openssh" and version "4.5"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.6 Search vendor "Openbsd" for product "Openssh" and version "4.6"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.7 Search vendor "Openbsd" for product "Openssh" and version "4.7"		-		Affected
Openbsd Search vendor "Openbsd"		Openssh Search vendor "Openbsd" for product "Openssh"				4.8 Search vendor "Openbsd" for product "Openssh" and version "4.8"		-		Affected