CVE-2008-1657

Name of the Vulnerable Software and Affected Versions OpenSSH versions 4.4 through 4.7 OpenSSH versions prior to 4.9

Description The issue concerns multiple vulnerabilities in the OpenSSH package that can be exploited to compromise the confidentiality, integrity, and availability of protected information. Exploitation can be performed locally. Specifically, it allows remote authenticated users to bypass the sshd config ForceCommand directive by modifying the .ssh/rc session file.

Recommendations For OpenSSH versions 4.4 through 4.7, update to a version after 4.7 p1-r6 to resolve the issue. For OpenSSH versions prior to 4.9, update to version 4.9 or later to address the vulnerability. As a temporary workaround, consider restricting access to the .ssh/rc file to prevent modification by unauthorized users.