CVE-2008-5161

low

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://rhn.redhat.com/errata/RHSA-2009-1287.html

http://secunia.com/advisories/32740

http://secunia.com/advisories/32760

http://secunia.com/advisories/32833

http://secunia.com/advisories/33121

http://secunia.com/advisories/33308

http://secunia.com/advisories/34857

http://secunia.com/advisories/36558

https://exchange.xforce.ibmcloud.com/vulnerabilities/46620

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://kc.mcafee.com/corporate/index?page=content&id=SB10106

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

http://support.apple.com/kb/HT3937

http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

http://www.kb.cert.org/vuls/id/958563

http://www.securitytracker.com/id?1021235

http://www.securitytracker.com/id?1021236

http://www.securitytracker.com/id?1021382

http://www.vupen.com/english/advisories/2008/3172

http://www.vupen.com/english/advisories/2008/3173

http://www.vupen.com/english/advisories/2008/3409

http://www.vupen.com/english/advisories/2009/1135

http://www.vupen.com/english/advisories/2009/3184

Details

Source: Mitre, NVD

Published: 2008-11-19

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low