Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-5161

Disclosure Date: November 19, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

References

Canonical

CVE-2008-5161 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161)

BID-32319 (http://www.securityfocus.com/bid/32319)

Advisory

http://openssh.org/txt/cbc.adv

SUNALERT-247186 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1)

SECUNIA-33121 (http://secunia.com/advisories/33121)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

OSVDB-49872 (http://osvdb.org/49872)

SECUNIA-33308 (http://secunia.com/advisories/33308)

http://rhn.redhat.com/errata/RHSA-2009-1287.html

SECTRACK-1021382 (http://www.securitytracker.com/id?1021382)

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

OSVDB-50036 (http://osvdb.org/50036)

SECUNIA-32833 (http://secunia.com/advisories/32833)

SECUNIA-36558 (http://secunia.com/advisories/36558)

OSVDB-50035 (http://osvdb.org/50035)

http://www.ssh.com/company/news/article/953

SECTRACK-1021235 (http://www.securitytracker.com/id?1021235)

SECUNIA-34857 (http://secunia.com/advisories/34857)

http://support.attachmate.com/techdocs/2398.html

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

ADV-2008-3173 (http://www.vupen.com/english/advisories/2008/3173)

20081123 Revised: OpenSSH security advisory: cbc.adv (http://www.securityfocus.com/archive/1/498579/100/0/threaded)

XF-openssh-sshtectia-cbc-info-disclosure(46620) (https://exchange.xforce.ibmcloud.com/vulnerabilities/46620)

SECUNIA-32740 (http://secunia.com/advisories/32740)

ADV-2009-1135 (http://www.vupen.com/english/advisories/2009/1135)

SECUNIA-32760 (http://secunia.com/advisories/32760)

ADV-2009-3184 (http://www.vupen.com/english/advisories/2009/3184)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

SECTRACK-1021236 (http://www.securitytracker.com/id?1021236)

https://kc.mcafee.com/corporate/index?page=content&id=SB10106

HPSBMA02447 (http://marc.info?l=bugtraq&m=125017764422557&w=2)

APPLE-SA-2009-11-09-1 (http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html)

ADV-2008-3409 (http://www.vupen.com/english/advisories/2008/3409)

ADV-2008-3172 (http://www.vupen.com/english/advisories/2008/3172)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

20081121 OpenSSH security advisory: cbc.adv (http://www.securityfocus.com/archive/1/498558/100/0/threaded)

http://support.apple.com/kb/HT3937

VU#958563 (http://www.kb.cert.org/vuls/id/958563)

Miscellaneous

http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

http://isc.sans.org/diary.html?storyid=5366

Rapid7

Technical Analysis