-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-21
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 16 Jun 2008
Last revised: 16 Jun 2008
Package: openssh
Summary: Bypass ForceCommand
More information:
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH 4.4 and other versions before 4.9 allows remote authenticated
users to bypass the sshd_config ForceCommand directive by modifying
the .ssh/rc session file. (CVE-2008-1657)
Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
Source Packages
Size: MD5
openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages
Size: MD5
openssh-4.7p1-6.x86_64.rpm
281979 c8c717758c0f1bc807f9aea0382db0ad
openssh-clients-4.7p1-6.x86_64.rpm
304782 b11edc758e96a903646ed0b9d56654af
openssh-server-4.7p1-6.x86_64.rpm
310827 a185a21e40a5d7bc4bdba703af7c7bed
Source Packages
Size: MD5
openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages
Size: MD5
openssh-4.7p1-6.i686.rpm
264173 fb65ba213ab1ee28f22f0ef759828252
openssh-clients-4.7p1-6.i686.rpm
277712 c1f5d743a779a21cfd963f2ffa7c508c
openssh-server-4.7p1-6.i686.rpm
279880 6ce075e5886fc5860c5c75b543212819
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages
Size: MD5
openssh-4.7p1-6.x86_64.rpm
281979 c8c717758c0f1bc807f9aea0382db0ad
openssh-askpass-4.7p1-6.x86_64.rpm
40038 07980a89f1871af0da980efe09b86477
openssh-clients-4.7p1-6.x86_64.rpm
304782 b11edc758e96a903646ed0b9d56654af
openssh-server-4.7p1-6.x86_64.rpm
310827 a185a21e40a5d7bc4bdba703af7c7bed
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages
Size: MD5
openssh-4.7p1-6.i686.rpm
264173 fb65ba213ab1ee28f22f0ef759828252
openssh-askpass-4.7p1-6.i686.rpm
37735 ef292400c6aec3e43988fe516c730c22
openssh-clients-4.7p1-6.i686.rpm
277712 c1f5d743a779a21cfd963f2ffa7c508c
openssh-server-4.7p1-6.i686.rpm
279880 6ce075e5886fc5860c5c75b543212819
References:
CVE
[CVE-2008-1657]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
--------------------------------------------------------------------------
Revision History
16 Jun 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkhV5p0ACgkQK0LzjOqIJMyiOgCdEBPPPi7NLO2ig6FAVh3lV2Au
PjwAnjj83xK0/e0i5YgejMM+KdSLk7ot
=/few
-----END PGP SIGNATURE-----
|