CVE-2008-5161
Severity: LOW · CVSS 3.1: 3.7 · EPSS: 96.4%
Published Nov 19, 2008 (17y ago) · Last Modified Jun 16, 2026 (2w ago)
Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
96.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
CWE-329
Affected Products 167
| Vendor | Product | Version | Range |
|---|---|---|---|
| openbsd | openssh | 4.7p1 | any |
| ssh | tectia_client | 4.0 | any |
| ssh | tectia_client | 4.0.1 | any |
| ssh | tectia_client | 4.0.3 | any |
| ssh | tectia_client | 4.0.4 | any |
| ssh | tectia_client | 4.0.5 | any |
| ssh | tectia_client | 4.2 | any |
| ssh | tectia_client | 4.2.1 | any |
| ssh | tectia_client | 4.3 | any |
| ssh | tectia_client | 4.3.1 | any |
| ssh | tectia_client | 4.3.1j | any |
| ssh | tectia_client | 4.3.2 | any |
| ssh | tectia_client | 4.3.2j | any |
| ssh | tectia_client | 4.3.3 | any |
| ssh | tectia_client | 4.3.4 | any |
| ssh | tectia_client | 4.3.5 | any |
| ssh | tectia_client | 4.3.6 | any |
| ssh | tectia_client | 4.3.7 | any |
| ssh | tectia_client | 4.3.8k | any |
| ssh | tectia_client | 4.3.9k | any |
| ssh | tectia_client | 4.4 | any |
| ssh | tectia_client | 4.4.1 | any |
| ssh | tectia_client | 4.4.2 | any |
| ssh | tectia_client | 4.4.3 | any |
| ssh | tectia_client | 4.4.4 | any |
| ssh | tectia_client | 4.4.6 | any |
| ssh | tectia_client | 4.4.7 | any |
| ssh | tectia_client | 4.4.8 | any |
| ssh | tectia_client | 4.4.9 | any |
| ssh | tectia_client | 4.4.10 | any |
| ssh | tectia_client | 4.4.11 | any |
| ssh | tectia_client | 5.0.0 | any |
| ssh | tectia_client | 5.0.0f | any |
| ssh | tectia_client | 5.0.1 | any |
| ssh | tectia_client | 5.0.1f | any |
| ssh | tectia_client | 5.0.2 | any |
| ssh | tectia_client | 5.0.2f | any |
| ssh | tectia_client | 5.0.3 | any |
| ssh | tectia_client | 5.0.3f | any |
| ssh | tectia_client | 5.1.0 | any |
| ssh | tectia_client | 5.1.1 | any |
| ssh | tectia_client | 5.1.2 | any |
| ssh | tectia_client | 5.1.3 | any |
| ssh | tectia_client | 5.2.0 | any |
| ssh | tectia_client | 5.2.1 | any |
| ssh | tectia_client | 5.2.2 | any |
| ssh | tectia_client | 5.2.3 | any |
| ssh | tectia_client | 5.2.4 | any |
| ssh | tectia_client | 5.3.0 | any |
| ssh | tectia_client | 5.3.1 | any |
| ssh | tectia_client | 5.3.2 | any |
| ssh | tectia_client | 5.3.3 | any |
| ssh | tectia_client | 5.3.5 | any |
| ssh | tectia_client | 5.3.6 | any |
| ssh | tectia_client | 5.3.7 | any |
| ssh | tectia_client | 5.3.8 | any |
| ssh | tectia_client | 6.0.0 | any |
| ssh | tectia_client | 6.0.1 | any |
| ssh | tectia_client | 6.0.2 | any |
| ssh | tectia_client | 6.0.3 | any |
| ssh | tectia_client | 6.0.4 | any |
| ssh | tectia_connector | 4.0.7 | any |
| ssh | tectia_connector | 4.1.2 | any |
| ssh | tectia_connector | 4.1.3 | any |
| ssh | tectia_connector | 4.1.5 | any |
| ssh | tectia_connector | 4.2.0 | any |
| ssh | tectia_connector | 4.3.0 | any |
| ssh | tectia_connector | 4.3.4 | any |
| ssh | tectia_connector | 4.3.5 | any |
| ssh | tectia_connector | 4.4.0 | any |
| ssh | tectia_connector | 4.4.2 | any |
| ssh | tectia_connector | 4.4.4 | any |
| ssh | tectia_connector | 4.4.6 | any |
| ssh | tectia_connector | 4.4.7 | any |
| ssh | tectia_connector | 4.4.9 | any |
| ssh | tectia_connector | 4.4.10 | any |
| ssh | tectia_connector | 5.0.0 | any |
| ssh | tectia_connector | 5.0.1 | any |
| ssh | tectia_connector | 5.0.2 | any |
| ssh | tectia_connector | 5.0.3 | any |
| ssh | tectia_connector | 5.1.0 | any |
| ssh | tectia_connector | 5.1.1 | any |
| ssh | tectia_connector | 5.1.2 | any |
| ssh | tectia_connector | 5.1.3 | any |
| ssh | tectia_connector | 5.2.2 | any |
| ssh | tectia_connector | 5.3.0 | any |
| ssh | tectia_connector | 5.3.1 | any |
| ssh | tectia_connector | 5.3.2 | any |
| ssh | tectia_connector | 5.3.3 | any |
| ssh | tectia_connector | 5.3.7 | any |
| ssh | tectia_connector | 5.3.8 | any |
| ssh | tectia_connectsecure | 6.0.0 | any |
| ssh | tectia_connectsecure | 6.0.1 | any |
| ssh | tectia_connectsecure | 6.0.2 | any |
| ssh | tectia_connectsecure | 6.0.3 | any |
| ssh | tectia_connectsecure | 6.0.4 | any |
| ssh | tectia_server | 4.0 | any |
| ssh | tectia_server | 4.0.3 | any |
| ssh | tectia_server | 4.0.4 | any |
| ssh | tectia_server | 4.0.5 | any |
| ssh | tectia_server | 4.0.7 | any |
| ssh | tectia_server | 4.1.2 | any |
| ssh | tectia_server | 4.1.3 | any |
| ssh | tectia_server | 4.1.5 | any |
| ssh | tectia_server | 4.2.0 | any |
| ssh | tectia_server | 4.2.1 | any |
| ssh | tectia_server | 4.2.2 | any |
| ssh | tectia_server | 4.3 | any |
| ssh | tectia_server | 4.3.0 | any |
| ssh | tectia_server | 4.3.1 | any |
| ssh | tectia_server | 4.3.2 | any |
| ssh | tectia_server | 4.3.3 | any |
| ssh | tectia_server | 4.3.4 | any |
| ssh | tectia_server | 4.3.5 | any |
| ssh | tectia_server | 4.3.6 | any |
| ssh | tectia_server | 4.3.7 | any |
| ssh | tectia_server | 4.4 | any |
| ssh | tectia_server | 4.4.0 | any |
| ssh | tectia_server | 4.4.1 | any |
| ssh | tectia_server | 4.4.2 | any |
| ssh | tectia_server | 4.4.4 | any |
| ssh | tectia_server | 4.4.5 | any |
| ssh | tectia_server | 4.4.6 | any |
| ssh | tectia_server | 4.4.7 | any |
| ssh | tectia_server | 4.4.8 | any |
| ssh | tectia_server | 4.4.9 | any |
| ssh | tectia_server | 4.4.10 | any |
| ssh | tectia_server | 4.4.11 | any |
| ssh | tectia_server | 5.0.0 | any |
| ssh | tectia_server | 5.0.1 | any |
| ssh | tectia_server | 5.0.2 | any |
| ssh | tectia_server | 5.0.3 | any |
| ssh | tectia_server | 5.1.0 | any |
| ssh | tectia_server | 5.1.1 | any |
| ssh | tectia_server | 5.1.1 | any |
| ssh | tectia_server | 5.1.2 | any |
| ssh | tectia_server | 5.1.3 | any |
| ssh | tectia_server | 5.2.0 | any |
| ssh | tectia_server | 5.2.0 | any |
| ssh | tectia_server | 5.2.1 | any |
| ssh | tectia_server | 5.2.2 | any |
| ssh | tectia_server | 5.2.2 | any |
| ssh | tectia_server | 5.2.3 | any |
| ssh | tectia_server | 5.2.4 | any |
| ssh | tectia_server | 5.3.0 | any |
| ssh | tectia_server | 5.3.0 | any |
| ssh | tectia_server | 5.3.1 | any |
| ssh | tectia_server | 5.3.2 | any |
| ssh | tectia_server | 5.3.3 | any |
| ssh | tectia_server | 5.3.4 | any |
| ssh | tectia_server | 5.3.5 | any |
| ssh | tectia_server | 5.3.6 | any |
| ssh | tectia_server | 5.3.7 | any |
| ssh | tectia_server | 5.3.8 | any |
| ssh | tectia_server | 5.4.0 | any |
| ssh | tectia_server | 5.4.1 | any |
| ssh | tectia_server | 5.4.2 | any |
| ssh | tectia_server | 5.5.0 | any |
| ssh | tectia_server | 5.5.1 | any |
| ssh | tectia_server | 6.0.0 | any |
| ssh | tectia_server | 6.0.0 | any |
| ssh | tectia_server | 6.0.1 | any |
| ssh | tectia_server | 6.0.1 | any |
| ssh | tectia_server | 6.0.2 | any |
| ssh | tectia_server | 6.0.3 | any |
| ssh | tectia_server | 6.0.4 | any |
| ssh | tectia_server | 6.0.4 | any |
References 40
- isc.sans.org http://isc.sans.org/diary.html?storyid=5366
- kb.juniper.net http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- lists.apple.com http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- marc.info http://marc.info/?l=bugtraq&m=125017764422557&w=2
- openssh.org http://openssh.org/txt/cbc.adv
- osvdb.org http://osvdb.org/49872
- osvdb.org http://osvdb.org/50035
- osvdb.org http://osvdb.org/50036
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2009-1287.html
- secunia.com http://secunia.com/advisories/32740
- secunia.com http://secunia.com/advisories/32760
- secunia.com http://secunia.com/advisories/32833
- secunia.com http://secunia.com/advisories/33121
- secunia.com http://secunia.com/advisories/33308
- secunia.com http://secunia.com/advisories/34857
- secunia.com http://secunia.com/advisories/36558
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
- support.apple.com http://support.apple.com/kb/HT3937
- support.attachmate.com http://support.attachmate.com/techdocs/2398.html
- support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
- cpni.gov.uk http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
- kb.cert.org http://www.kb.cert.org/vuls/id/958563
- rtpro.yamaha.co.jp http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
- securityfocus.com http://www.securityfocus.com/archive/1/498558/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/498579/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/32319
- securitytracker.com http://www.securitytracker.com/id?1021235
- securitytracker.com http://www.securitytracker.com/id?1021236
- securitytracker.com http://www.securitytracker.com/id?1021382
- ssh.com http://www.ssh.com/company/news/article/953/
- vupen.com http://www.vupen.com/english/advisories/2008/3172
- vupen.com http://www.vupen.com/english/advisories/2008/3173
- vupen.com http://www.vupen.com/english/advisories/2008/3409
- vupen.com http://www.vupen.com/english/advisories/2009/1135
- vupen.com http://www.vupen.com/english/advisories/2009/3184
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
- h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- kc.mcafee.com https://kc.mcafee.com/corporate/index?page=content&id=SB10106
- kc.mcafee.com https://kc.mcafee.com/corporate/index?page=content&id=SB10163
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.