CVE-2008-5161
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.8%
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openbsd | openssh | 4.7p1 | cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.0 | cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.0.1 | cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.0.3 | cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.0.4 | cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.0.5 | cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.2 | cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.2.1 | cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.3 | cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:* |
| ssh | tectia_client | 4.3.1 | cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:* |
References
isc.sans.org/diary.html?storyid=5366
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
marc.info/?l=bugtraq&m=125017764422557&w=2
openssh.org/txt/cbc.adv
osvdb.org/49872
osvdb.org/50035
osvdb.org/50036
rhn.redhat.com/errata/RHSA-2009-1287.html
secunia.com/advisories/32740
secunia.com/advisories/32760
secunia.com/advisories/32833
secunia.com/advisories/33121
secunia.com/advisories/33308
secunia.com/advisories/34857
secunia.com/advisories/36558
sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
support.apple.com/kb/HT3937
support.attachmate.com/techdocs/2398.html
support.avaya.com/elmodocs2/security/ASA-2008-503.htm
www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
www.kb.cert.org/vuls/id/958563
www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
www.securityfocus.com/archive/1/498558/100/0/threaded
www.securityfocus.com/archive/1/498579/100/0/threaded
www.securityfocus.com/bid/32319
www.securitytracker.com/id?1021235
www.securitytracker.com/id?1021236
www.securitytracker.com/id?1021382
www.ssh.com/company/news/article/953/
www.vupen.com/english/advisories/2008/3172
www.vupen.com/english/advisories/2008/3173
www.vupen.com/english/advisories/2008/3409
www.vupen.com/english/advisories/2009/1135
www.vupen.com/english/advisories/2009/3184
exchange.xforce.ibmcloud.com/vulnerabilities/46620
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
kc.mcafee.com/corporate/index?page=content&id=SB10106
kc.mcafee.com/corporate/index?page=content&id=SB10163
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
97.8%