Mandriva Update For Openssh MDVSA-2008:098 (openssh) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc (CVE-2008-1657). The updated packages have been patched to correct this issue.

Affected

openssh on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1657

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:176 (git)
Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:017 (kdebase)
Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
Mandrake Security Advisory MDVSA-2009:109 (quagga)

Mandriva Update for openssh MDVSA-2008:098 (openssh)

Take action and discover your vulnerabilities