CVE Vulnerability

CVE-2008-5161

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

2.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 4.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://osvdb.org/49872
http://www.ssh.com/company/news/article/953/ Vendor Advisory
http://secunia.com/advisories/32760 Vendor Advisory
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://secunia.com/advisories/32740 Vendor Advisory
http://isc.sans.org/diary.html?storyid=5366
http://www.securityfocus.com/bid/32319
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://openssh.org/txt/cbc.adv
http://support.attachmate.com/techdocs/2398.html
http://www.kb.cert.org/vuls/id/958563 US Government Resource
http://secunia.com/advisories/32833
http://osvdb.org/50035
http://osvdb.org/50036
http://secunia.com/advisories/33308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.securitytracker.com/id?1021382
http://secunia.com/advisories/33121
http://secunia.com/advisories/34857
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
http://www.vupen.com/english/advisories/2009/1135
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3409
http://secunia.com/advisories/36558
http://rhn.redhat.com/errata/RHSA-2009-1287.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
http://www.securityfocus.com/archive/1/498579/100/0/threaded
http://www.securityfocus.com/archive/1/498558/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:ssh:tectia_server:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.3f:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.0:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.1.1:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.1j:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.4.0:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.5.1:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.4:*:linux_ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.1:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.11:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.2j:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.8k:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.9k:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.4.1:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.11:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.0:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.2:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.0:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.5.0:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_connector:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.1:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.4.2:*:ibm_zos:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_client:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:4.4:*:*:*:*:*:*:*
Information

Published : 2008-11-19 05:30

Updated : 2018-10-11 08:54

NVD link : CVE-2008-5161

Mitre link : CVE-2008-5161

Products Affected
No products.
CWE
CWE-200