openssh CVE-2008-1657 question

[Vincent Danen <vdanen () linsec ca>]

Out of curiousity, CVE-2008-1657 should only affect 4.4-4.9, correct?
The ForceCommand functionality was introduced in 4.4.

It would be nice if the CVE entry made note of this.

Would be even nicer if the boneheads over at SecurityFocus wouldn't go
around assuming that <4.9 means everything, including 3.0, without
actually doing some checking.  Oh, wait, yeah, they go back as far as
1.0.

Somehow I don't think that's accurate.

--
Vincent Danen @ http://linsec.ca/

Attachment: _bin
Description: