Vulnerability Name:

CVE-2008-1657 (CCN-41549)

Assigned:2008-03-30
Published:2008-03-30
Updated:2018-10-11
Summary:OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: NETBSD
Type: UNKNOWN
NetBSD-SA2008-005

Source: CONFIRM
Type: UNKNOWN
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

Source: MITRE
Type: CNA
CVE-2008-1657

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-15

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:009

Source: CCN
Type: SA29602
OpenSSH ForceCommand Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
29602

Source: CCN
Type: SA29609
OpenBSD OpenSSH ForceCommand Bypass Weakness

Source: SECUNIA
Type: Vendor Advisory
29609

Source: SECUNIA
Type: Vendor Advisory
29683

Source: SECUNIA
Type: Vendor Advisory
29693

Source: SECUNIA
Type: Vendor Advisory
29735

Source: SECUNIA
Type: Vendor Advisory
29939

Source: SECUNIA
Type: Vendor Advisory
30361

Source: CCN
Type: SA31531
Reflection for Secure IT Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31531

Source: CCN
Type: SA31882
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31882

Source: SECUNIA
Type: Vendor Advisory
32080

Source: SECUNIA
Type: Vendor Advisory
32110

Source: CCN
Type: SECTRACK ID: 1019733
OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands

Source: CCN
Type: Apple Web site
About the security content of Mac OS X v10.5.5 and Security Update 2008-006

Source: CCN
Type: Attachmate Technical Note 2374
Reflection for Secure IT UNIX Client and Server 7.0 Service Pack 1 (SP1): Fixes and Features

Source: CONFIRM
Type: UNKNOWN
http://support.attachmate.com/techdocs/2374.html

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139

Source: CCN
Type: GLSA-200804-03
OpenSSH: Privilege escalation

Source: GENTOO
Type: UNKNOWN
GLSA-200804-03

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:098

Source: CCN
Type: OpenBSD 4.3 errata
001: SECURITY FIX: March 30, 2008

Source: OPENBSD
Type: Patch
[4.3] 001: SECURITY FIX: March 30, 2008

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: CCN
Type: OpenSSH Changelog, Release 4.7
Changes since OpenSSH 4.7

Source: CONFIRM
Type: Vendor Advisory
http://www.openssh.com/txt/release-4.9

Source: CCN
Type: OSVDB ID: 43911
OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution

Source: BUGTRAQ
Type: UNKNOWN
20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server

Source: BID
Type: Patch
28531

Source: CCN
Type: BID-28531
OpenSSH ForceCommand Command Execution Weakness

Source: CCN
Type: BID-30723
Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019733

Source: CCN
Type: TLSA-2008-21
Bypass ForceCommand

Source: CCN
Type: USN-649-1
OpenSSH vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-649-1

Source: CERT
Type: US Government Resource
TA08-260A

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1035

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1624

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2396

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2584

Source: XF
Type: UNKNOWN
openssh-forcecommand-security-bypass(41549)

Source: XF
Type: UNKNOWN
openssh-forcecommand-command-execution(41549)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-2419

Source: SUSE
Type: SUSE-SR:2008:009
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.8:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17752
    P
    		USN-649-1 -- openssh vulnerabilities
    2014-07-21
    oval:org.opensuse.security:def:20081657
    V
    		CVE-2008-1657
    2012-11-01
    BACK
    openbsd openssh 4.4
    openbsd openssh 4.4p1
    openbsd openssh 4.5
    openbsd openssh 4.6
    openbsd openssh 4.7
    openbsd openssh 4.8
    openbsd openssh 2.1.1
    openbsd openssh 2.5.2
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.9
    openbsd openssh 3.0
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.4p1
    openbsd openssh 3.4
    openbsd openssh 3.7.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 4.0
    openbsd openssh 2.9.9p2
    openbsd openssh 4.4
    openbsd openssh 4.6
    openbsd openssh 4.5
    openbsd openssh 4.1p1
    openbsd openssh 4.3p2
    openbsd openssh 4.7p1
    openbsd openssh 4.0p1
    openbsd openssh 3.0p1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.1
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0.2
    openbsd openssh 3.1p1
    openbsd openssh 3.1
    openbsd openssh 3.2
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3p1
    openbsd openssh 3.3
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1
    openbsd openssh 3.7
    openbsd openssh 3.7.1p2
    openbsd openssh 3.7.1
    openbsd openssh 3.8
    openbsd openssh 3.8.1p1
    openbsd openssh 3.8.1
    openbsd openssh 3.9
    openbsd openssh 3.9.1p1
    openbsd openssh 3.9.1
    openbsd openssh 2.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9.9
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.2.1
    openbsd openssh 1.2
    openbsd openssh 4.3p1
    openbsd openssh 4.3
    openbsd openssh 4.2p1
    openbsd openssh 4.2
    openbsd openssh 4.4p1
    openbsd openssh 3.2.3p1
    openbsd openssh 4.7
    openbsd openssh 4.9
    openbsd openssh 4.1
    gentoo linux *
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 7.04
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.4.11
    apple mac os x 10.5.1
    apple mac os x server 10.4.11
    apple mac os x server 10.5.1
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    mandrakesoft mandrake linux 2008.1
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    apple mac os x 10.5.4
    apple mac os x server 10.5.4