Detections
Analytics

CVE-2008-5161

low

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

https://kc.mcafee.com/corporate/index?page=content&id=SB10106

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://exchange.xforce.ibmcloud.com/vulnerabilities/46620

http://www.vupen.com/english/advisories/2009/3184

http://www.vupen.com/english/advisories/2009/1135

http://www.vupen.com/english/advisories/2008/3409

http://www.vupen.com/english/advisories/2008/3173

http://www.vupen.com/english/advisories/2008/3172

http://www.ssh.com/company/news/article/953/

http://www.securitytracker.com/id?1021382

http://www.securitytracker.com/id?1021236

http://www.securitytracker.com/id?1021235

http://www.securityfocus.com/bid/32319

http://www.securityfocus.com/archive/1/498579/100/0/threaded

http://www.securityfocus.com/archive/1/498558/100/0/threaded

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

http://www.kb.cert.org/vuls/id/958563

http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

http://support.attachmate.com/techdocs/2398.html

http://support.apple.com/kb/HT3937

http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

http://secunia.com/advisories/36558

http://secunia.com/advisories/34857

http://secunia.com/advisories/33308

http://secunia.com/advisories/33121

http://secunia.com/advisories/32833

http://secunia.com/advisories/32760

http://secunia.com/advisories/32740

http://rhn.redhat.com/errata/RHSA-2009-1287.html

http://osvdb.org/50036

http://osvdb.org/50035

http://osvdb.org/49872

http://openssh.org/txt/cbc.adv

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://isc.sans.org/diary.html?storyid=5366

Details

Source: Mitre, NVD

Published: 2008-11-19

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Low

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.03067