A weakness has been reported in OpenSSH, which can be exploited by
malicious, local users to bypass certain security restrictions.
The weakness is caused due to the improper implementation of the
"ForceCommand" directive. This can be exploited to execute arbitrary
commands via the ~/.ssh/rc file even if a "ForceCommand" directive is
The weakness is reported in versions prior to 4.9 and 4.9p1.
Update to version 4.9 or 4.9p1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
if we could get a small diff for 4.7_p1, that would be best ...
The patch is here: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
openssh-4.7_p1-r6 in the tree then with that one fix, thanks
openssh-4.9_p1 is also in the tree, but it's missing updated patches, so stabilizing that version would just make users'/admins' lives painful
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Stable for HPPA.
request has been filed
Fixed in release snapshot.
Fixed for ~arch in 5.0_p1