CVE-2008-1657

Published Apr 2, 2008

Last updated a day ago

CVSS info 6.5

Overview

Description
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Source
cve@mitre.org
NVD status
Modified
Products
openssh

Risk scores

CVSS 2.0

Type
Primary
Base score
6.5
Impact score
6.4
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-264

Social media

Hype score
Not currently trending

Vendor comments

  • Red HatNot vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Configurations

Related CVEs

  1. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  2. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.CVE-2025-32728
  3. A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.CVE-2025-26466
  4. A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.CVE-2025-26465
  5. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.CVE-2024-6387

References

Sources include official advisories and independent security research.