CVE-2008-1657
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Date published : 2008-04-02
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html