CVE - CVE-2008-5161

CVE-ID
CVE-2008-5161	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20081121 OpenSSH security advisory: cbc.adv URL:http://www.securityfocus.com/archive/1/498558/100/0/threaded BUGTRAQ:20081123 Revised: OpenSSH security advisory: cbc.adv URL:http://www.securityfocus.com/archive/1/498579/100/0/threaded MISC:http://isc.sans.org/diary.html?storyid=5366 MISC:http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt MISC:http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm CONFIRM:http://openssh.org/txt/cbc.adv CONFIRM:http://support.attachmate.com/techdocs/2398.html CONFIRM:http://www.ssh.com/company/news/article/953/ CONFIRM:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html CONFIRM:http://support.apple.com/kb/HT3937 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10163 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10106 APPLE:APPLE-SA-2009-11-09-1 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html HP:HPSBMA02447 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 HP:SSRT090062 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 REDHAT:RHSA-2009:1287 URL:http://rhn.redhat.com/errata/RHSA-2009-1287.html SUNALERT:247186 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1 CERT-VN:VU#958563 URL:http://www.kb.cert.org/vuls/id/958563 BID:32319 URL:http://www.securityfocus.com/bid/32319 OVAL:oval:org.mitre.oval:def:11279 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 SECTRACK:1021382 URL:http://www.securitytracker.com/id?1021382 SECUNIA:33121 URL:http://secunia.com/advisories/33121 SECUNIA:34857 URL:http://secunia.com/advisories/34857 SECUNIA:36558 URL:http://secunia.com/advisories/36558 VUPEN:ADV-2008-3172 URL:http://www.vupen.com/english/advisories/2008/3172 VUPEN:ADV-2008-3173 URL:http://www.vupen.com/english/advisories/2008/3173 VUPEN:ADV-2008-3409 URL:http://www.vupen.com/english/advisories/2008/3409 OSVDB:49872 URL:http://osvdb.org/49872 OSVDB:50035 URL:http://osvdb.org/50035 OSVDB:50036 URL:http://osvdb.org/50036 SECTRACK:1021235 URL:http://www.securitytracker.com/id?1021235 SECTRACK:1021236 URL:http://www.securitytracker.com/id?1021236 SECUNIA:32740 URL:http://secunia.com/advisories/32740 SECUNIA:32760 URL:http://secunia.com/advisories/32760 SECUNIA:32833 URL:http://secunia.com/advisories/32833 SECUNIA:33308 URL:http://secunia.com/advisories/33308 VUPEN:ADV-2009-1135 URL:http://www.vupen.com/english/advisories/2009/1135 VUPEN:ADV-2009-3184 URL:http://www.vupen.com/english/advisories/2009/3184 XF:openssh-sshtectia-cbc-info-disclosure(46620) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Assigning CNA
N/A
Date Entry Created
20081119	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.