It was discovered that the ForceCommand directive could be bypassed.
If a local user created a malicious ~/.ssh/rc file, they could execute
arbitrary commands as their user id. This only affected Ubuntu 7.10.
(CVE-2008-1657)
USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the
fixes for this issue were incomplete. A remote attacker could attempt
multiple logins, filling all available connection slots, leading to a
denial of service. This only affected Ubuntu 6.06 and 7.04.
(CVE-2008-4109)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | openssh-server | <Â 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-client | <Â 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-client-udeb | <Â 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-server-udeb | <Â 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | ssh-askpass-gnome | <Â 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-server | <Â 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-client | <Â 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-client-udeb | <Â 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-server-udeb | <Â 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | ssh-askpass-gnome | <Â 1:4.3p2-8ubuntu1.5 | UNKNOWN |