Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-649-1
HistoryOct 01, 2008 - 12:00 a.m.

OpenSSH vulnerabilities

2008-10-0100:00:00
ubuntu.com
42

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.3%

JSON

Releases

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.06

Packages

  • openssh -

Details

It was discovered that the ForceCommand directive could be bypassed.
If a local user created a malicious ~/.ssh/rc file, they could execute
arbitrary commands as their user id. This only affected Ubuntu 7.10.
(CVE-2008-1657)

USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the
fixes for this issue were incomplete. A remote attacker could attempt
multiple logins, filling all available connection slots, leading to a
denial of service. This only affected Ubuntu 6.06 and 7.04.
(CVE-2008-4109)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.10noarchopenssh-server< 1:4.6p1-5ubuntu0.6UNKNOWN
Ubuntu7.10noarchopenssh-client< 1:4.6p1-5ubuntu0.6UNKNOWN
Ubuntu7.10noarchopenssh-client-udeb< 1:4.6p1-5ubuntu0.6UNKNOWN
Ubuntu7.10noarchopenssh-server-udeb< 1:4.6p1-5ubuntu0.6UNKNOWN
Ubuntu7.10noarchssh-askpass-gnome< 1:4.6p1-5ubuntu0.6UNKNOWN
Ubuntu7.04noarchopenssh-server< 1:4.3p2-8ubuntu1.5UNKNOWN
Ubuntu7.04noarchopenssh-client< 1:4.3p2-8ubuntu1.5UNKNOWN
Ubuntu7.04noarchopenssh-client-udeb< 1:4.3p2-8ubuntu1.5UNKNOWN
Ubuntu7.04noarchopenssh-server-udeb< 1:4.3p2-8ubuntu1.5UNKNOWN
Ubuntu7.04noarchssh-askpass-gnome< 1:4.3p2-8ubuntu1.5UNKNOWN
Rows per page:
1-10 of 151

Related

securityvulns 3
openvas 11
nessus 17
f5 4
cve 2
ubuntucve 2
prion 2
debiancve 2
gentoo 1
debian 1
osv 1
securityvulns
securityvulns
[USN-649-1] OpenSSH vulnerabilities
2008-10-03 00:00:00
Multiple OpenSSH security vulnerabilities
2008-10-03 00:00:00
[SECURITY] [DSA 1638-1] New openssh packages fix denial of service
2008-09-20 00:00:00
openvas
openvas
Ubuntu Update for openssh vulnerabilities USN-649-1
2009-03-23 00:00:00
Mandriva Update for openssh MDVSA-2008:098 (openssh)
2009-04-09 00:00:00
Mandriva Update for openssh MDVSA-2008:098 (openssh)
2009-04-09 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 7.04 / 7.10 : openssh vulnerabilities (USN-649-1)
2009-04-23 00:00:00
Mandriva Linux Security Advisory : openssh (MDVSA-2008:098)
2009-04-23 00:00:00
OpenSSH < 4.9 'ForceCommand' Directive Bypass
2011-10-04 00:00:00
f5
f5
SOL15086 - OpenSSH vulnerability CVE-2008-1657
2014-03-18 00:00:00
K15086 : OpenSSH vulnerability CVE-2008-1657
2014-07-25 00:00:00
K14742 : OpenSSH vulnerability CVE-2008-4109
2014-07-30 00:00:00
cve
cve
CVE-2008-1657
2008-04-02 18:44:00
CVE-2008-4109
2008-09-18 15:04:00
ubuntucve
ubuntucve
CVE-2008-1657
2008-04-02 00:00:00
CVE-2008-4109
2008-09-18 00:00:00
prion
prion
Session fixation
2008-04-02 18:44:00
Code injection
2008-09-18 15:04:00
debiancve
debiancve
CVE-2008-1657
2008-04-02 18:44:00
CVE-2008-4109
2008-09-18 15:04:00
gentoo
gentoo
OpenSSH: Privilege escalation
2008-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1638-1] New openssh packages fix denial of service
2008-09-16 20:41:23
osv
osv
openssh - denial of service
2008-09-16 00:00:00

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.3%

JSON
Related for USN-649-1
securityvulns3openvas11nessus17f54cve2ubuntucve2prion2debiancve2gentoo1debian1osv1