[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0804021339330.23425@faron.mitre.org>
Date: Wed, 2 Apr 2008 13:39:37 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Jonathan Smith <smithj@...ethemallocs.com>
cc: "Steven M. Christey" <coley@...us.mitre.org>,
oss-security@...ts.openwall.com
Subject: Re: CVE request: openssh "ForceCommand" improperly implemented
======================================================
Name: CVE-2008-1657
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Reference: CONFIRM:http://www.openssh.com/txt/release-4.9
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2419
Reference: OPENBSD:[4.3] 001: SECURITY FIX: March 30, 2008
Reference: URL:http://www.openbsd.org/errata43.html#001_openssh
Reference: BID:28531
Reference: URL:http://www.securityfocus.com/bid/28531
Reference: FRSIRT:ADV-2008-1035
Reference: URL:http://www.frsirt.com/english/advisories/2008/1035/references
Reference: SECTRACK:1019733
Reference: URL:http://www.securitytracker.com/id?1019733
Reference: SECUNIA:29602
Reference: URL:http://secunia.com/advisories/29602
Reference: SECUNIA:29609
Reference: URL:http://secunia.com/advisories/29609
Reference: XF:openssh-forcecommand-command-execution(41549)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41549
OpenSSH before 4.9 allows remote authenticated users to bypass the
sshd_config ForceCommand directive by modifying the .ssh/rc session
file.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
