Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Apr 2008 13:39:37 -0400 (EDT)
From: "Steven M. Christey" <>
To: Jonathan Smith <>
cc: "Steven M. Christey" <>,
Subject: Re: CVE request: openssh "ForceCommand" improperly implemented

Name: CVE-2008-1657
Status: Candidate
Reference: CONFIRM:
Reference: CONFIRM:
Reference: OPENBSD:[4.3] 001: SECURITY FIX: March 30, 2008
Reference: URL:
Reference: BID:28531
Reference: URL:
Reference: FRSIRT:ADV-2008-1035
Reference: URL:
Reference: SECTRACK:1019733
Reference: URL:
Reference: SECUNIA:29602
Reference: URL:
Reference: SECUNIA:29609
Reference: URL:
Reference: XF:openssh-forcecommand-command-execution(41549)
Reference: URL:

OpenSSH before 4.9 allows remote authenticated users to bypass the
sshd_config ForceCommand directive by modifying the .ssh/rc session

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.