Summary
Ubuntu Update for Linux kernel vulnerabilities USN-649-1
Solution
Please install the updated packages.
Insight
It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. (CVE-2008-1657)
USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04. (CVE-2008-4109)
Affected
openssh vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 7.04, Ubuntu 7.10
Severity
Classification
CVE: CVE-2008-1657, CVE-2008-4109
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities