CVE-2008-5161 Information
Share on:Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11 5.0 through 5.2.4 and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier 6.0.0 and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions when using a block cipher algorithm in Cipher Block Chaining (CBC) mode makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Reference
http://isc.sans.org/diary.html?storyid=5366 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://marc.info/?l=bugtraq&m=125017764422557&w=2 http://openssh.org/txt/cbc.adv http://osvdb.org/49872 http://osvdb.org/50035 http://osvdb.org/50036 http://rhn.redhat.com/errata/RHSA-2009-1287.html http://secunia.com/advisories/32740 http://secunia.com/advisories/32760 http://secunia.com/advisories/32833 http://secunia.com/advisories/33121 http://secunia.com/advisories/33308 http://secunia.com/advisories/34857 http://secunia.com/advisories/36558 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1 http://support.apple.com/kb/HT3937 http://support.attachmate.com/techdocs/2398.html http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt http://www.kb.cert.org/vuls/id/958563 http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html http://www.securityfocus.com/archive/1/498558/100/0/threaded http://www.securityfocus.com/archive/1/498579/100/0/threaded http://www.securityfocus.com/bid/32319 http://www.securitytracker.com/id?1021235 http://www.securitytracker.com/id?1021236 http://www.securitytracker.com/id?1021382 http://www.ssh.com/company/news/article/953/ http://www.vupen.com/english/advisories/2008/3172 http://www.vupen.com/english/advisories/2008/3173 http://www.vupen.com/english/advisories/2008/3409 http://www.vupen.com/english/advisories/2009/1135 http://www.vupen.com/english/advisories/2009/3184 https://exchange.xforce.ibmcloud.com/vulnerabilities/46620 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 https://kc.mcafee.com/corporate/index?page=content&id=SB10106 https://kc.mcafee.com/corporate/index?page=content&id=SB10163 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11279