PRIOn knowledge basePRION:CVE-2008-5161Code injection
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.112 Low
EPSS
Percentile
95.0%
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
isc.sans.org/diary.html?storyid=5366
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
openssh.org/txt/cbc.adv
osvdb.org/49872
osvdb.org/50035
osvdb.org/50036
rhn.redhat.com/errata/RHSA-2009-1287.html
secunia.com/advisories/32740
secunia.com/advisories/32760
secunia.com/advisories/32833
secunia.com/advisories/33121
secunia.com/advisories/33308
secunia.com/advisories/34857
secunia.com/advisories/36558
sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
support.apple.com/kb/HT3937
support.attachmate.com/techdocs/2398.html
support.avaya.com/elmodocs2/security/ASA-2008-503.htm
www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
www.kb.cert.org/vuls/id/958563
www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
www.securityfocus.com/archive/1/498558/100/0/threaded
www.securityfocus.com/archive/1/498579/100/0/threaded
www.securityfocus.com/bid/32319
www.securitytracker.com/id?1021235
www.securitytracker.com/id?1021236
www.securitytracker.com/id?1021382
www.ssh.com/company/news/article/953/
www.vupen.com/english/advisories/2008/3172
www.vupen.com/english/advisories/2008/3173
www.vupen.com/english/advisories/2008/3409
www.vupen.com/english/advisories/2009/1135
www.vupen.com/english/advisories/2009/3184
exchange.xforce.ibmcloud.com/vulnerabilities/46620
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
kc.mcafee.com/corporate/index?page=content&id=SB10106
kc.mcafee.com/corporate/index?page=content&id=SB10163
marc.info/?l=bugtraq&m=125017764422557&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Related
6.5 Medium
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.112 Low
EPSS
Percentile
95.0%