|Summary:||net-misc/openssh <4.7_p1-r6 rc execution overrides ForceCommand restriction (CVE-2008-1657)|
|Product:||Gentoo Security||Reporter:||Robert Buchholz (RETIRED) <rbu>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||normal||CC:||arm, m68k, s390, sh+disabled|
|Package list:||Runtime testing required:||---|
Description Robert Buchholz (RETIRED) 2008-04-01 13:55:10 UTC
Secunia: A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to the improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect. The weakness is reported in versions prior to 4.9 and 4.9p1. SOLUTION: Update to version 4.9 or 4.9p1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2
Comment 1 SpanKY 2008-04-01 15:38:56 UTC
if we could get a small diff for 4.7_p1, that would be best ...
Comment 2 Robert Buchholz (RETIRED) 2008-04-01 16:04:31 UTC
The patch is here: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
Comment 3 SpanKY 2008-04-01 18:43:15 UTC
openssh-4.7_p1-r6 in the tree then with that one fix, thanks openssh-4.9_p1 is also in the tree, but it's missing updated patches, so stabilizing that version would just make users'/admins' lives painful
Comment 4 Robert Buchholz (RETIRED) 2008-04-01 19:21:00 UTC
Arches, please test and mark stable: =net-misc/openssh-4.7_p1-r6 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Comment 5 Christian Faulhammer (RETIRED) 2008-04-01 22:53:36 UTC
Comment 6 Richard Freeman 2008-04-02 00:41:49 UTC
Comment 7 Raúl Porcel (RETIRED) 2008-04-02 11:44:55 UTC
Comment 8 Markus Rothe (RETIRED) 2008-04-02 15:52:35 UTC
Comment 9 Jeroen Roovers 2008-04-02 16:04:56 UTC
Stable for HPPA.
Comment 10 Tobias Scherbaum (RETIRED) 2008-04-03 16:55:24 UTC
Comment 11 Robert Buchholz (RETIRED) 2008-04-03 22:39:54 UTC
request has been filed
Comment 12 Peter Volkov (RETIRED) 2008-04-04 05:01:21 UTC
Fixed in release snapshot.
Comment 13 Robert Buchholz (RETIRED) 2008-04-05 12:53:53 UTC
Comment 14 Robert Buchholz (RETIRED) 2008-04-05 12:55:16 UTC
Fixed for ~arch in 5.0_p1