CVE - CVE-2008-5161

CVE-ID
CVE-2008-5161	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-11-09-1 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BID:32319 URL:http://www.securityfocus.com/bid/32319 BUGTRAQ:20081121 OpenSSH security advisory: cbc.adv URL:http://www.securityfocus.com/archive/1/498558/100/0/threaded BUGTRAQ:20081123 Revised: OpenSSH security advisory: cbc.adv URL:http://www.securityfocus.com/archive/1/498579/100/0/threaded CERT-VN:VU#958563 URL:http://www.kb.cert.org/vuls/id/958563 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:http://openssh.org/txt/cbc.adv CONFIRM:http://support.apple.com/kb/HT3937 CONFIRM:http://support.attachmate.com/techdocs/2398.html CONFIRM:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html CONFIRM:http://www.ssh.com/company/news/article/953/ CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10106 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10163 HP:HPSBMA02447 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 HP:SSRT090062 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 MISC:http://isc.sans.org/diary.html?storyid=5366 MISC:http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm MISC:http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt OSVDB:49872 URL:~~http://osvdb.org/49872~~ (Obsolete source) OSVDB:50035 URL:~~http://osvdb.org/50035~~ (Obsolete source) OSVDB:50036 URL:~~http://osvdb.org/50036~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11279 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 REDHAT:RHSA-2009:1287 URL:http://rhn.redhat.com/errata/RHSA-2009-1287.html SECTRACK:1021235 URL:http://www.securitytracker.com/id?1021235 SECTRACK:1021236 URL:http://www.securitytracker.com/id?1021236 SECTRACK:1021382 URL:http://www.securitytracker.com/id?1021382 SECUNIA:32740 URL:http://secunia.com/advisories/32740 SECUNIA:32760 URL:http://secunia.com/advisories/32760 SECUNIA:32833 URL:http://secunia.com/advisories/32833 SECUNIA:33121 URL:http://secunia.com/advisories/33121 SECUNIA:33308 URL:http://secunia.com/advisories/33308 SECUNIA:34857 URL:http://secunia.com/advisories/34857 SECUNIA:36558 URL:http://secunia.com/advisories/36558 SUNALERT:247186 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1~~ (Obsolete source) VUPEN:ADV-2008-3172 URL:~~http://www.vupen.com/english/advisories/2008/3172~~ (Obsolete source) VUPEN:ADV-2008-3173 URL:~~http://www.vupen.com/english/advisories/2008/3173~~ (Obsolete source) VUPEN:ADV-2008-3409 URL:~~http://www.vupen.com/english/advisories/2008/3409~~ (Obsolete source) VUPEN:ADV-2009-1135 URL:~~http://www.vupen.com/english/advisories/2009/1135~~ (Obsolete source) VUPEN:ADV-2009-3184 URL:~~http://www.vupen.com/english/advisories/2009/3184~~ (Obsolete source) XF:openssh-sshtectia-cbc-info-disclosure(46620) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Assigning CNA
MITRE Corporation
Date Record Created
20081119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)