Secunia:
A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions.
The weakness is caused due to the improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.
The weakness is reported in versions prior to 4.9 and 4.9p1.
SOLUTION: Update to version 4.9 or 4.9p1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2
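An added example, not part of the advisory or of this bug thread: a Python audit that flags a host as affected when the `ssh -V` banner is older than 4.9 and sshd_config sets ForceCommand, then lists the per-user ~/.ssh/rc files to review. The function names, the sample config and the home-directory layout are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 9)  # the advisory gives 4.9 / 4.9p1 as the fixed versions

def parse_version(banner):
    """Return (major, minor) from `ssh -V` style text such as 'OpenSSH_4.7p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenSSH version in %r" % banner)
    return int(m.group(1)), int(m.group(2))

def force_commands(config_text):
    """Return [(scope, command)]; scope is 'global' or the enclosing Match line."""
    scope, found = "global", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; the value follows whitespace or '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            scope = "Match " + arg
        elif key == "forcecommand":
            found.append((scope, arg))
    return found

def audit(banner, config_text, home_root):
    """Flag the host per the advisory and list per-user rc files to review."""
    version = parse_version(banner)
    forced = force_commands(config_text)
    affected = version < FIXED and bool(forced)
    rc = sorted(str(p) for p in Path(home_root).glob("*/.ssh/rc")) if affected else []
    return {"version": version, "force_command": forced,
            "affected": affected, "rc_files": rc}

if __name__ == "__main__":
    # Constructed sample: one restricted account with an rc file, 4.7p1 banner.
    sample = ("PasswordAuthentication no\n"
              "Match User backup\n"
              "    ForceCommand /usr/local/bin/backup-only\n")
    with tempfile.TemporaryDirectory() as root:
        ssh_dir = Path(root, "backup", ".ssh")
        ssh_dir.mkdir(parents=True)
        (ssh_dir / "rc").write_text("# constructed placeholder\n")
        print(audit("OpenSSH_4.7p1, OpenSSL 0.9.8g", sample, root))
```

The check compares upstream version numbers only, so a distribution build that backports the fix (such as the openssh-4.7_p1-r6 revision discussed in this thread) still has to be confirmed against the package revision.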
if we could get a small diff for 4.7_p1, that would be best ...
The patch is here: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
openssh-4.7_p1-r6 in the tree then with that one fix, thanks. openssh-4.9_p1 is also in the tree, but it's missing updated patches, so stabilizing that version would just make users'/admins' lives painful
Arches, please test and mark stable: =net-misc/openssh-4.7_p1-r6 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
x86 stable
amd64 stable
alpha/ia64/sparc stable
ppc64 stable
Stable for HPPA.
ppc stable
request has been filed
Fixed in release snapshot.
GLSA 200804-03
Fixed for ~arch in 5.0_p1