Ubuntu 6.06 LTS / 7.04 / 7.10 : openssh vulnerabilities (USN-649-1)

It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious /.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. CVE-2008-1657 USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixe...

Ubuntu Update for openssh vulnerabilities USN-649-1

Ubuntu Update for Linux kernel vulnerabilities USN-649-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6491.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openssh vulnerabilities USN-649-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

OpenSSH: Privilege escalation

Background OpenSSH is a complete SSH protocol implementation that includes an SFTP client and server support. Description Two issues have been discovered in OpenSSH: Timo Juhani Lindfors discovered that OpenSSH sets the DISPLAY variable in SSH sessions using X11 forwarding even when it cannot bin...

CVE-2008-1657

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshdconfig ForceCommand directive by modifying the .ssh/rc session file...