CVE-2008-5161

Severity: low

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

References

http://isc.sans.org/diary.html?storyid=5366

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://openssh.org/txt/cbc.adv

http://osvdb.org/49872

http://osvdb.org/50035

http://osvdb.org/50036

http://rhn.redhat.com/errata/RHSA-2009-1287.html

http://secunia.com/advisories/32740

http://secunia.com/advisories/32760

http://secunia.com/advisories/32833

http://secunia.com/advisories/33121

http://secunia.com/advisories/33308

http://secunia.com/advisories/34857

http://secunia.com/advisories/36558

http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

http://support.apple.com/kb/HT3937

http://support.attachmate.com/techdocs/2398.html

http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

http://www.kb.cert.org/vuls/id/958563

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

http://www.securityfocus.com/archive/1/498558/100/0/threaded

http://www.securityfocus.com/archive/1/498579/100/0/threaded

http://www.securityfocus.com/bid/32319

http://www.securitytracker.com/id?1021235

http://www.securitytracker.com/id?1021236

http://www.securitytracker.com/id?1021382

http://www.ssh.com/company/news/article/953/

http://www.vupen.com/english/advisories/2008/3172

http://www.vupen.com/english/advisories/2008/3173

http://www.vupen.com/english/advisories/2008/3409

http://www.vupen.com/english/advisories/2009/1135

http://www.vupen.com/english/advisories/2009/3184

https://exchange.xforce.ibmcloud.com/vulnerabilities/46620

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://kc.mcafee.com/corporate/index?page=content&id=SB10106

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

Details

Source: MITRE

Published: 2008-11-19

Updated: 2018-10-11

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_client:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connector:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:4.4.11:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.1.1:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.1:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.2:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.0:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.4.0:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.4.1:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.4.2:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.5.0:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:5.5.1:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.0:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.1:*:ibm_zos:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ssh:tectia_server:6.0.4:*:linux_ibm_zos:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 78153 | F5 Networks BIG-IP : OpenSSH vulnerability (K14609) | Nessus | F5 Networks Local Security Checks | low |
| 73958 | GLSA-201405-06 : OpenSSH: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 73557 | AIX OpenSSH Advisory: openssh_advisory.asc | Nessus | AIX Local Security Checks | low |
| 70658 | SSH Server CBC Mode Ciphers Enabled | Nessus | Misc. | low |
| 60657 | Scientific Linux Security Update : openssh on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | low |
| 44065 | OpenSSH < 5.2 CBC Plaintext Disclosure | Nessus | Misc. | medium |
| 55992 | SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure | Nessus | Misc. | critical |
| 43781 | CentOS 5 : openssh (CESA-2009:1287) | Nessus | CentOS Local Security Checks | low |
| 42433 | Mac OS X Multiple Vulnerabilities (Security Update 2009-006) | Nessus | MacOS X Local Security Checks | critical |
| 40837 | RHEL 5 : openssh (RHSA-2009:1287) | Nessus | Red Hat Local Security Checks | low |
| 36806 | Solaris 10 (sparc) : 140774-03 | Nessus | Solaris Local Security Checks | low |
| 36559 | Solaris 10 (x86) : 140775-03 | Nessus | Solaris Local Security Checks | low |
| 4761 | SSH Tectia CBC Information Disclosure | Nessus Network Monitor | SSH | medium |
| 4598 | OpenSSH X11 < 5.1 Session Hijacking | Nessus Network Monitor | SSH | medium |
| 24861 | Solaris 9 (x86) : 122301-61 | Nessus | Solaris Local Security Checks | high |
| 24858 | Solaris 9 (sparc) : 122300-61 | Nessus | Solaris Local Security Checks | high |