CVE-2008-5161

2008-11-1917:30:00

CWE-200

[email protected]

web.nvd.nist.gov

620

cve

2008

5161

ssh

protocol

error handling

nvd

security

vulnerability

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.123 Low

EPSS

Percentile

95.4%

JSON

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

CPENameOperatorVersion
ssh:tectia_serverssh tectia servereq5.0.3
ssh:tectia_connectorssh tectia connectoreq4.4.2
ssh:tectia_clientssh tectia clienteq5.0.3f
ssh:tectia_serverssh tectia servereq4.4.6
ssh:tectia_clientssh tectia clienteq5.0.2
ssh:tectia_serverssh tectia servereq5.2.0
ssh:tectia_connectorssh tectia connectoreq4.3.0
ssh:tectia_serverssh tectia servereq4.3
ssh:tectia_clientssh tectia clienteq5.2.3
ssh:tectia_serverssh tectia servereq5.3.0

CPE	Name	Operator	Version
ssh:tectia_server	ssh tectia server	eq	5.0.3
ssh:tectia_connector	ssh tectia connector	eq	4.4.2
ssh:tectia_client	ssh tectia client	eq	5.0.3f
ssh:tectia_server	ssh tectia server	eq	4.4.6
ssh:tectia_client	ssh tectia client	eq	5.0.2
ssh:tectia_server	ssh tectia server	eq	5.2.0
ssh:tectia_connector	ssh tectia connector	eq	4.3.0
ssh:tectia_server	ssh tectia server	eq	4.3
ssh:tectia_client	ssh tectia client	eq	5.2.3
ssh:tectia_server	ssh tectia server	eq	5.3.0