Date: Wed, 2 Apr 2008 13:39:37 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Jonathan Smith <smithj@...ethemallocs.com>
cc: "Steven M. Christey" <coley@...us.mitre.org>, oss-security@...ts.openwall.com
Subject: Re: CVE request: openssh "ForceCommand" improperly implemented

======================================================
Name: CVE-2008-1657
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Reference: CONFIRM:http://www.openssh.com/txt/release-4.9
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2419
Reference: OPENBSD:[4.3] 001: SECURITY FIX: March 30, 2008
Reference: URL:http://www.openbsd.org/errata43.html#001_openssh
Reference: BID:28531
Reference: URL:http://www.securityfocus.com/bid/28531
Reference: FRSIRT:ADV-2008-1035
Reference: URL:http://www.frsirt.com/english/advisories/2008/1035/references
Reference: SECTRACK:1019733
Reference: URL:http://www.securitytracker.com/id?1019733
Reference: SECUNIA:29602
Reference: URL:http://secunia.com/advisories/29602
Reference: SECUNIA:29609
Reference: URL:http://secunia.com/advisories/29609
Reference: XF:openssh-forcecommand-command-execution(41549)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41549

OpenSSH before 4.9 allows remote authenticated users to bypass the
sshd_config ForceCommand directive by modifying the .ssh/rc session
file.