CVE-2008-5161

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
openbsdopenssh
4.7p1:p1
sshtectia_client
4.0
sshtectia_client
4.0.1
sshtectia_client
4.0.3
sshtectia_client
4.0.4
sshtectia_client
4.0.5
sshtectia_client
4.2
sshtectia_client
4.2.1
sshtectia_client
4.3
sshtectia_client
4.3.1
sshtectia_client
4.3.1j:j
sshtectia_client
4.3.2
sshtectia_client
4.3.2j:j
sshtectia_client
4.3.3
sshtectia_client
4.3.4
sshtectia_client
4.3.5
sshtectia_client
4.3.6
sshtectia_client
4.3.7
sshtectia_client
4.3.8k:k
sshtectia_client
4.3.9k:k
sshtectia_client
4.4
sshtectia_client
4.4.1
sshtectia_client
4.4.2
sshtectia_client
4.4.3
sshtectia_client
4.4.4
sshtectia_client
4.4.6
sshtectia_client
4.4.7
sshtectia_client
4.4.8
sshtectia_client
4.4.9
sshtectia_client
4.4.10
sshtectia_client
4.4.11
sshtectia_client
5.0.0
sshtectia_client
5.0.0f:f
sshtectia_client
5.0.1
sshtectia_client
5.0.1f:f
sshtectia_client
5.0.2
sshtectia_client
5.0.2f:f
sshtectia_client
5.0.3
sshtectia_client
5.0.3f:f
sshtectia_client
5.1.0
sshtectia_client
5.1.1
sshtectia_client
5.1.2
sshtectia_client
5.1.3
sshtectia_client
5.2.0
sshtectia_client
5.2.1
sshtectia_client
5.2.2
sshtectia_client
5.2.3
sshtectia_client
5.2.4
sshtectia_client
5.3.0
sshtectia_client
5.3.1
sshtectia_client
5.3.2
sshtectia_client
5.3.3
sshtectia_client
5.3.5
sshtectia_client
5.3.6
sshtectia_client
5.3.7
sshtectia_client
5.3.8
sshtectia_client
6.0.0
sshtectia_client
6.0.1
sshtectia_client
6.0.2
sshtectia_client
6.0.3
sshtectia_client
6.0.4
sshtectia_connector
4.0.7
sshtectia_connector
4.1.2
sshtectia_connector
4.1.3
sshtectia_connector
4.1.5
sshtectia_connector
4.2.0
sshtectia_connector
4.3.0
sshtectia_connector
4.3.4
sshtectia_connector
4.3.5
sshtectia_connector
4.4.0
sshtectia_connector
4.4.2
sshtectia_connector
4.4.4
sshtectia_connector
4.4.6
sshtectia_connector
4.4.7
sshtectia_connector
4.4.9
sshtectia_connector
4.4.10
sshtectia_connector
5.0.0
sshtectia_connector
5.0.1
sshtectia_connector
5.0.2
sshtectia_connector
5.0.3
sshtectia_connector
5.1.0
sshtectia_connector
5.1.1
sshtectia_connector
5.1.2
sshtectia_connector
5.1.3
sshtectia_connector
5.2.2
sshtectia_connector
5.3.0
sshtectia_connector
5.3.1
sshtectia_connector
5.3.2
sshtectia_connector
5.3.3
sshtectia_connector
5.3.7
sshtectia_connector
5.3.8
sshtectia_connectsecure
6.0.0
sshtectia_connectsecure
6.0.1
sshtectia_connectsecure
6.0.2
sshtectia_connectsecure
6.0.3
sshtectia_connectsecure
6.0.4
sshtectia_server
4.0
sshtectia_server
4.0.3
sshtectia_server
4.0.4
sshtectia_server
4.0.5
sshtectia_server
4.0.7
sshtectia_server
4.1.2
sshtectia_server
4.1.3
sshtectia_server
4.1.5
sshtectia_server
4.2.0
sshtectia_server
4.2.1
sshtectia_server
4.2.2
sshtectia_server
4.3
sshtectia_server
4.3.0
sshtectia_server
4.3.1
sshtectia_server
4.3.2
sshtectia_server
4.3.3
sshtectia_server
4.3.4
sshtectia_server
4.3.5
sshtectia_server
4.3.6
sshtectia_server
4.3.7
sshtectia_server
4.4
sshtectia_server
4.4.0
sshtectia_server
4.4.1
sshtectia_server
4.4.2
sshtectia_server
4.4.4
sshtectia_server
4.4.5
sshtectia_server
4.4.6
sshtectia_server
4.4.7
sshtectia_server
4.4.8
sshtectia_server
4.4.9
sshtectia_server
4.4.10
sshtectia_server
4.4.11
sshtectia_server
5.0.0
sshtectia_server
5.0.1
sshtectia_server
5.0.2
sshtectia_server
5.0.3
sshtectia_server
5.1.0
sshtectia_server
5.1.1
sshtectia_server
5.1.1
sshtectia_server
5.1.2
sshtectia_server
5.1.3
sshtectia_server
5.2.0
sshtectia_server
5.2.0
sshtectia_server
5.2.1
sshtectia_server
5.2.2
sshtectia_server
5.2.2
sshtectia_server
5.2.3
sshtectia_server
5.2.4
sshtectia_server
5.3.0
sshtectia_server
5.3.0
sshtectia_server
5.3.1
sshtectia_server
5.3.2
sshtectia_server
5.3.3
sshtectia_server
5.3.4
sshtectia_server
5.3.5
sshtectia_server
5.3.6
sshtectia_server
5.3.7
sshtectia_server
5.3.8
sshtectia_server
5.4.0
sshtectia_server
5.4.1
sshtectia_server
5.4.2
sshtectia_server
5.5.0
sshtectia_server
5.5.1
sshtectia_server
6.0.0
sshtectia_server
6.0.0
sshtectia_server
6.0.1
sshtectia_server
6.0.1
sshtectia_server
6.0.2
sshtectia_server
6.0.3
sshtectia_server
6.0.4
sshtectia_server
6.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bullseye (security)
1:8.4p1-5+deb11u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
Common Weakness Enumeration
References
http://isc.sans.org/diary.html?storyid=5366
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://openssh.org/txt/cbc.adv
http://osvdb.org/49872
http://osvdb.org/50035
http://osvdb.org/50036
http://rhn.redhat.com/errata/RHSA-2009-1287.html
http://secunia.com/advisories/32740
http://secunia.com/advisories/32760
http://secunia.com/advisories/32833
http://secunia.com/advisories/33121
http://secunia.com/advisories/33308
http://secunia.com/advisories/34857
http://secunia.com/advisories/36558
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://support.apple.com/kb/HT3937
http://support.attachmate.com/techdocs/2398.html
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://www.kb.cert.org/vuls/id/958563
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
http://www.securityfocus.com/archive/1/498558/100/0/threaded
http://www.securityfocus.com/archive/1/498579/100/0/threaded
http://www.securityfocus.com/bid/32319
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://www.securitytracker.com/id?1021382
http://www.ssh.com/company/news/article/953/
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3409
http://www.vupen.com/english/advisories/2009/1135
http://www.vupen.com/english/advisories/2009/3184
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
http://isc.sans.org/diary.html?storyid=5366
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://openssh.org/txt/cbc.adv
http://osvdb.org/49872
http://osvdb.org/50035
http://osvdb.org/50036
http://rhn.redhat.com/errata/RHSA-2009-1287.html
http://secunia.com/advisories/32740
http://secunia.com/advisories/32760
http://secunia.com/advisories/32833
http://secunia.com/advisories/33121
http://secunia.com/advisories/33308
http://secunia.com/advisories/34857
http://secunia.com/advisories/36558
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://support.apple.com/kb/HT3937
http://support.attachmate.com/techdocs/2398.html
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://www.kb.cert.org/vuls/id/958563
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
http://www.securityfocus.com/archive/1/498558/100/0/threaded
http://www.securityfocus.com/archive/1/498579/100/0/threaded
http://www.securityfocus.com/bid/32319
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://www.securitytracker.com/id?1021382
http://www.ssh.com/company/news/article/953/
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3409
http://www.vupen.com/english/advisories/2009/1135
http://www.vupen.com/english/advisories/2009/3184
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279