AI Score: 8.4 High (Confidence: High)

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.045 Low (Percentile: 92.3%)

It was discovered that the ForceCommand directive could be bypassed.
If a local user created a malicious ~/.ssh/rc file, they could execute
arbitrary commands as their user id. This only affected Ubuntu 7.10.
(CVE-2008-1657)

USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the
fixes for this issue were incomplete. A remote attacker could attempt
multiple logins, filling all available connection slots, leading to a
denial of service. This only affected Ubuntu 6.06 and 7.04.
(CVE-2008-4109)

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | openssh-server | < 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-client | < 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-client-udeb | < 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | openssh-server-udeb | < 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.10 | noarch | ssh-askpass-gnome | < 1:4.6p1-5ubuntu0.6 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-server | < 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-client | < 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-client-udeb | < 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | openssh-server-udeb | < 1:4.3p2-8ubuntu1.5 | UNKNOWN |
Ubuntu | 7.04 | noarch | ssh-askpass-gnome | < 1:4.3p2-8ubuntu1.5 | UNKNOWN |