OpenSSH ForceCommand Command Execution Weakness

Bugtraq ID: 28531
Class: Design Error
CVE: CVE-2008-1657
Remote: No
Local: Yes
Published: Mar 31 2008 12:00AM
Updated: May 07 2015 05:31PM
Credit: The vendor disclosed this issue.
Vulnerable: Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 11 x64
Turbolinux Turbolinux Server 11
Turbolinux Appliance Server 3.0 x64
Turbolinux Appliance Server 3.0
Tevfik Karagulle cwRsync 2.0.10
Tevfik Karagulle cwRsync 2.0.9
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise SDK 10
SuSE Suse Linux Enterprise Desktop 10 SP1
SuSE Suse Linux Enterprise Desktop 10
SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
SuSE Linux 10.1 x86-64
SuSE Linux 10.1 x86
SuSE Linux 10.1 ppc
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.2 X86 64
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.2 X86 64
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
OpenBSD Portable OpenSSH 4.7p1
OpenBSD Portable OpenSSH 4.6p1
OpenBSD Portable OpenSSH 4.5p1
OpenBSD Portable OpenSSH 4.4p1
OpenBSD Portable OpenSSH 4.3p2
OpenBSD Portable OpenSSH 4.3p1
OpenBSD Portable OpenSSH 4.2p1
OpenBSD Portable OpenSSH 4.1p1
OpenBSD Portable OpenSSH 4.0p1
OpenBSD OpenSSH 3.8.1 p1
OpenBSD OpenSSH 3.0.2 p1
OpenBSD OpenSSH 3.0.2
OpenBSD OpenSSH 3.0.1 p1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenBSD OpenSSH 3.0.1
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.3
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 3.0 p1
OpenBSD OpenSSH 3.0
OpenBSD OpenSSH 2.9 p2
OpenBSD OpenSSH 2.9 p1
OpenBSD OpenSSH 2.9
+ FreeBSD FreeBSD 4.4
+ OpenBSD OpenBSD 2.9
OpenBSD OpenSSH 2.5.2 p2
OpenBSD OpenSSH 2.5.2
OpenBSD OpenSSH 2.3.1 p1
OpenBSD OpenSSH 2.3.1
OpenBSD OpenSSH 2.2 .x
OpenBSD OpenSSH 2.2 .0
OpenBSD OpenSSH 2.1.1 p1
OpenBSD OpenSSH 2.1.1
OpenBSD OpenSSH 2.1 .x
OpenBSD OpenSSH 2.1
OpenBSD OpenSSH 1.2.3
OpenBSD OpenSSH 1.2
OpenBSD OpenSSH 1.0 .x
OpenBSD OpenSSH 4.8
OpenBSD OpenSSH 4.7
OpenBSD OpenSSH 4.6
OpenBSD OpenSSH 4.5
OpenBSD OpenSSH 4.4
OpenBSD OpenSSH 4.3p1
OpenBSD OpenSSH 4.3
OpenBSD OpenSSH 4.2p1
OpenBSD OpenSSH 4.2
OpenBSD OpenSSH 4.1
OpenBSD OpenSSH 4.0
OpenBSD OpenSSH 3.9 p1
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 4.3
OpenBSD OpenBSD 4.2
OpenBSD OpenBSD 4.1
OpenBSD OpenBSD 4.0
OpenBSD OpenBSD 3.9
OpenBSD OpenBSD 3.8
OpenBSD OpenBSD 3.7
OpenBSD OpenBSD 3.6
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.0
NetBSD NetBSD 3.0.2
NetBSD NetBSD 3.0.1
NetBSD NetBSD Current
NetBSD NetBSD 4.0
NetBSD NetBSD 3.1
Navision Financials Server 3.0
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
IBM AIX 6.1
IBM AIX 5.3
IBM AIX 5.2
Gentoo Linux
AttachmateWRQ Reflection for Secure IT 7.0
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.5
Not Vulnerable: Tevfik Karagulle cwRsync 2.1.2
OpenBSD Portable OpenSSH 4.9p1
OpenBSD OpenSSH 4.9
AttachmateWRQ Reflection for Secure IT 7.0 SP1
Apple Mac OS X Server 10.5.5
Apple Mac OS X 10.5.5


 

Privacy Statement
Copyright 2010, SecurityFocus