Home > Vulnerability Database > CVE-2008-5161

Mend.io Vulnerability Database

CVE-2008-5161

Date: November 19, 2008

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Severity Score

8.1

Related Resources (43)

Url: http://osvdb.org/49872

Url: http://secunia.com/advisories/36558

Url: http://www.vupen.com/english/advisories/2009/1135

Url: http://www.securitytracker.com/id?1021235

Url: http://secunia.com/advisories/33121

Url: http://rhn.redhat.com/errata/RHSA-2009-1287.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

Url: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

Url: http://secunia.com/advisories/34857

Url: http://secunia.com/advisories/33308

Url: http://secunia.com/advisories/32833

Url: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

Url: http://www.vupen.com/english/advisories/2008/3409

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5161

Url: http://openssh.org/txt/cbc.adv

Url: http://marc.info/?l=bugtraq&m=125017764422557&w=2

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

Url: http://www.securityfocus.com/archive/1/498558/100/0/threaded

Url: https://access.redhat.com/security/cve/CVE-2008-5161

Url: http://www.vupen.com/english/advisories/2008/3172

Url: http://www.vupen.com/english/advisories/2008/3173

Url: http://www.securityfocus.com/archive/1/498579/100/0/threaded

Url: http://support.apple.com/kb/HT3937

Url: http://osvdb.org/50036

Url: http://osvdb.org/50035

Url: http://secunia.com/advisories/32760

Url: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Url: http://www.securitytracker.com/id?1021382

Url: https://kc.mcafee.com/corporate/index?page=content&id=SB10163

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/46620

Url: http://www.vupen.com/english/advisories/2009/3184

Url: http://www.kb.cert.org/vuls/id/958563

Url: http://isc.sans.org/diary.html?storyid=5366

Url: http://secunia.com/advisories/32740

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

Url: http://support.attachmate.com/techdocs/2398.html

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Url: http://www.securityfocus.com/bid/32319

Url: http://www.ssh.com/company/news/article/953/

Url: http://www.securitytracker.com/id?1021236

Url: https://kc.mcafee.com/corporate/index?page=content&id=SB10106

Url: https://www.mend.io/vulnerability-database/CVE-2008-5161

Severity Score

8.1

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-5161

Date: November 19, 2008

Severity Score

Related Resources (43)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?