openssh is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools.
osvdb.org/39214
secunia.com/advisories/27235
secunia.com/advisories/27588
secunia.com/advisories/27590
secunia.com/advisories/28319
secunia.com/advisories/28320
support.avaya.com/elmodocs2/security/ASA-2007-526.htm
support.avaya.com/elmodocs2/security/ASA-2007-527.htm
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-0540.html
www.redhat.com/support/errata/RHSA-2007-0555.html
www.redhat.com/support/errata/RHSA-2007-0703.html
www.redhat.com/support/errata/RHSA-2007-0737.html
www.securityfocus.com/bid/26097
access.redhat.com/errata/RHSA-2007:0540
bugzilla.redhat.com/show_bug.cgi?id=248059
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124
www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html