Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5161

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-5161
Last Modified 08 Aug 2014 04:54:40
Published 19 Nov 2008 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5161

Summary

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Vulnerable Systems

Application

  • Openbsd Openssh 4.7p1

  • Openssh 4.7p1

  • Ssh Tectia Client 4.0

  • Ssh Tectia Client 4.0.1

  • Ssh Tectia Client 4.0.3

  • Ssh Tectia Client 4.0.4

  • Ssh Tectia Client 4.0.5

  • Ssh Tectia Client 4.2

  • Ssh Tectia Client 4.2.1

  • Ssh Tectia Client 4.3

  • Ssh Tectia Client 4.3.1

  • Ssh Tectia Client 4.3.1j

  • Ssh Tectia Client 4.3.2

  • Ssh Tectia Client 4.3.2j

  • Ssh Tectia Client 4.3.3

  • Ssh Tectia Client 4.3.4

  • Ssh Tectia Client 4.3.5

  • Ssh Tectia Client 4.3.6

  • Ssh Tectia Client 4.3.7

  • Ssh Tectia Client 4.3.8k

  • Ssh Tectia Client 4.3.9k

  • Ssh Tectia Client 4.4

  • Ssh Tectia Client 4.4.1

  • Ssh Tectia Client 4.4.10

  • Ssh Tectia Client 4.4.11

  • Ssh Tectia Client 4.4.2

  • Ssh Tectia Client 4.4.3

  • Ssh Tectia Client 4.4.4

  • Ssh Tectia Client 4.4.6

  • Ssh Tectia Client 4.4.7

  • Ssh Tectia Client 4.4.8

  • Ssh Tectia Client 4.4.9

  • Ssh Tectia Client 5.0.0

  • Ssh Tectia Client 5.0.0f

  • Ssh Tectia Client 5.0.1

  • Ssh Tectia Client 5.0.1f

  • Ssh Tectia Client 5.0.2

  • Ssh Tectia Client 5.0.2f

  • Ssh Tectia Client 5.0.3

  • Ssh Tectia Client 5.0.3f

  • Ssh Tectia Client 5.1.0

  • Ssh Tectia Client 5.1.1

  • Ssh Tectia Client 5.1.2

  • Ssh Tectia Client 5.1.3

  • Ssh Tectia Client 5.2.0

  • Ssh Tectia Client 5.2.1

  • Ssh Tectia Client 5.2.2

  • Ssh Tectia Client 5.2.3

  • Ssh Tectia Client 5.2.4

  • Ssh Tectia Client 5.3.0

  • Ssh Tectia Client 5.3.1

  • Ssh Tectia Client 5.3.2

  • Ssh Tectia Client 5.3.3

  • Ssh Tectia Client 5.3.5

  • Ssh Tectia Client 5.3.6

  • Ssh Tectia Client 5.3.7

  • Ssh Tectia Client 5.3.8

  • Ssh Tectia Client 6.0.0

  • Ssh Tectia Client 6.0.1

  • Ssh Tectia Client 6.0.2

  • Ssh Tectia Client 6.0.3

  • Ssh Tectia Client 6.0.4

  • Ssh Tectia Connector 4.0.7

  • Ssh Tectia Connector 4.1.2

  • Ssh Tectia Connector 4.1.3

  • Ssh Tectia Connector 4.1.5

  • Ssh Tectia Connector 4.2.0

  • Ssh Tectia Connector 4.3.0

  • Ssh Tectia Connector 4.3.4

  • Ssh Tectia Connector 4.3.5

  • Ssh Tectia Connector 4.4.0

  • Ssh Tectia Connector 4.4.10

  • Ssh Tectia Connector 4.4.2

  • Ssh Tectia Connector 4.4.4

  • Ssh Tectia Connector 4.4.6

  • Ssh Tectia Connector 4.4.7

  • Ssh Tectia Connector 4.4.9

  • Ssh Tectia Connector 5.0.0

  • Ssh Tectia Connector 5.0.1

  • Ssh Tectia Connector 5.0.2

  • Ssh Tectia Connector 5.0.3

  • Ssh Tectia Connector 5.1.0

  • Ssh Tectia Connector 5.1.1

  • Ssh Tectia Connector 5.1.2

  • Ssh Tectia Connector 5.1.3

  • Ssh Tectia Connector 5.2.2

  • Ssh Tectia Connector 5.3.0

  • Ssh Tectia Connector 5.3.1

  • Ssh Tectia Connector 5.3.2

  • Ssh Tectia Connector 5.3.3

  • Ssh Tectia Connector 5.3.7

  • Ssh Tectia Connector 5.3.8

  • Ssh Tectia Connectsecure 6.0.0

  • Ssh Tectia Connectsecure 6.0.1

  • Ssh Tectia Connectsecure 6.0.2

  • Ssh Tectia Connectsecure 6.0.3

  • Ssh Tectia Connectsecure 6.0.4

  • Ssh Tectia Server 4.0

  • Ssh Tectia Server 4.0.3

  • Ssh Tectia Server 4.0.4

  • Ssh Tectia Server 4.0.5

  • Ssh Tectia Server 4.0.7

  • Ssh Tectia Server 4.1.2

  • Ssh Tectia Server 4.1.3

  • Ssh Tectia Server 4.1.5

  • Ssh Tectia Server 4.2.0

  • Ssh Tectia Server 4.2.1

  • Ssh Tectia Server 4.2.2

  • Ssh Tectia Server 4.3

  • Ssh Tectia Server 4.3.0

  • Ssh Tectia Server 4.3.1

  • Ssh Tectia Server 4.3.2

  • Ssh Tectia Server 4.3.3

  • Ssh Tectia Server 4.3.4

  • Ssh Tectia Server 4.3.5

  • Ssh Tectia Server 4.3.6

  • Ssh Tectia Server 4.3.7

  • Ssh Tectia Server 4.4

  • Ssh Tectia Server 4.4.0

  • Ssh Tectia Server 4.4.1

  • Ssh Tectia Server 4.4.10

  • Ssh Tectia Server 4.4.11

  • Ssh Tectia Server 4.4.2

  • Ssh Tectia Server 4.4.4

  • Ssh Tectia Server 4.4.5

  • Ssh Tectia Server 4.4.6

  • Ssh Tectia Server 4.4.7

  • Ssh Tectia Server 4.4.8

  • Ssh Tectia Server 4.4.9

  • Ssh Tectia Server 5.0.0

  • Ssh Tectia Server 5.0.1

  • Ssh Tectia Server 5.0.2

  • Ssh Tectia Server 5.0.3

  • Ssh Tectia Server 5.1.0

  • Ssh Tectia Server 5.1.1

  • Ssh Tectia Server 5.1.2

  • Ssh Tectia Server 5.1.3

  • Ssh Tectia Server 5.2.0

  • Ssh Tectia Server 5.2.1

  • Ssh Tectia Server 5.2.2

  • Ssh Tectia Server 5.2.3

  • Ssh Tectia Server 5.2.4

  • Ssh Tectia Server 5.3.0

  • Ssh Tectia Server 5.3.1

  • Ssh Tectia Server 5.3.2

  • Ssh Tectia Server 5.3.3

  • Ssh Tectia Server 5.3.4

  • Ssh Tectia Server 5.3.5

  • Ssh Tectia Server 5.3.6

  • Ssh Tectia Server 5.3.7

  • Ssh Tectia Server 5.3.8

  • Ssh Tectia Server 5.4.0

  • Ssh Tectia Server 5.4.1

  • Ssh Tectia Server 5.4.2

  • Ssh Tectia Server 5.5.0

  • Ssh Tectia Server 5.5.1

  • Ssh Tectia Server 6.0.0

  • Ssh Tectia Server 6.0.1

  • Ssh Tectia Server 6.0.2

  • Ssh Tectia Server 6.0.3

  • Ssh Tectia Server 6.0.4


References

CERT-VN - VU#958563

XF - openssh-sshtectia-cbc-info-disclosure(46620)

VUPEN - ADV-2009-3184

VUPEN - ADV-2009-1135

VUPEN - ADV-2008-3409

VUPEN - ADV-2008-3173

VUPEN - ADV-2008-3172

CONFIRM - http://www.ssh.com/company/news/article/953/

SECTRACK - 1021382

SECTRACK - 1021236

SECTRACK - 1021235

BID - 32319

BUGTRAQ - 20081123 Revised: OpenSSH security advisory: cbc.adv

BUGTRAQ - 20081121 OpenSSH security advisory: cbc.adv

CONFIRM - http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

MISC - http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

MISC - http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

CONFIRM - http://support.attachmate.com/techdocs/2398.html

CONFIRM - http://support.apple.com/kb/HT3937

SUNALERT - 247186

SECUNIA - 34857

SECUNIA - 33308

SECUNIA - 33121

SECUNIA - 32833

SECUNIA - 32760

SECUNIA - 32740

OSVDB - 50036

OSVDB - 50035

OSVDB - 49872

CONFIRM - http://openssh.org/txt/cbc.adv

HP - HPSBMA02447

APPLE - APPLE-SA-2009-11-09-1

MISC - http://isc.sans.org/diary.html?storyid=5366

SECUNIA - 36558

REDHAT - RHSA-2009:1287

HP - SSRT090062


Last Updated: 27 May 2016 11:01:42