3.7
CVE-2008-5161
- EPSS 15.4%
- Veröffentlicht 19.11.2008 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:59:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ssh ≫ Tectia Client Version4.0
Ssh ≫ Tectia Client Version4.0.1
Ssh ≫ Tectia Client Version4.0.3
Ssh ≫ Tectia Client Version4.0.4
Ssh ≫ Tectia Client Version4.0.5
Ssh ≫ Tectia Client Version4.2
Ssh ≫ Tectia Client Version4.2.1
Ssh ≫ Tectia Client Version4.3
Ssh ≫ Tectia Client Version4.3.1
Ssh ≫ Tectia Client Version4.3.1j
Ssh ≫ Tectia Client Version4.3.2
Ssh ≫ Tectia Client Version4.3.2j
Ssh ≫ Tectia Client Version4.3.3
Ssh ≫ Tectia Client Version4.3.4
Ssh ≫ Tectia Client Version4.3.5
Ssh ≫ Tectia Client Version4.3.6
Ssh ≫ Tectia Client Version4.3.7
Ssh ≫ Tectia Client Version4.3.8k
Ssh ≫ Tectia Client Version4.3.9k
Ssh ≫ Tectia Client Version4.4
Ssh ≫ Tectia Client Version4.4.1
Ssh ≫ Tectia Client Version4.4.2
Ssh ≫ Tectia Client Version4.4.3
Ssh ≫ Tectia Client Version4.4.4
Ssh ≫ Tectia Client Version4.4.6
Ssh ≫ Tectia Client Version4.4.7
Ssh ≫ Tectia Client Version4.4.8
Ssh ≫ Tectia Client Version4.4.9
Ssh ≫ Tectia Client Version4.4.10
Ssh ≫ Tectia Client Version4.4.11
Ssh ≫ Tectia Client Version5.0.0
Ssh ≫ Tectia Client Version5.0.0f
Ssh ≫ Tectia Client Version5.0.1
Ssh ≫ Tectia Client Version5.0.1f
Ssh ≫ Tectia Client Version5.0.2
Ssh ≫ Tectia Client Version5.0.2f
Ssh ≫ Tectia Client Version5.0.3
Ssh ≫ Tectia Client Version5.0.3f
Ssh ≫ Tectia Client Version5.1.0
Ssh ≫ Tectia Client Version5.1.1
Ssh ≫ Tectia Client Version5.1.2
Ssh ≫ Tectia Client Version5.1.3
Ssh ≫ Tectia Client Version5.2.0
Ssh ≫ Tectia Client Version5.2.1
Ssh ≫ Tectia Client Version5.2.2
Ssh ≫ Tectia Client Version5.2.3
Ssh ≫ Tectia Client Version5.2.4
Ssh ≫ Tectia Client Version5.3.0
Ssh ≫ Tectia Client Version5.3.1
Ssh ≫ Tectia Client Version5.3.2
Ssh ≫ Tectia Client Version5.3.3
Ssh ≫ Tectia Client Version5.3.5
Ssh ≫ Tectia Client Version5.3.6
Ssh ≫ Tectia Client Version5.3.7
Ssh ≫ Tectia Client Version5.3.8
Ssh ≫ Tectia Client Version6.0.0
Ssh ≫ Tectia Client Version6.0.1
Ssh ≫ Tectia Client Version6.0.2
Ssh ≫ Tectia Client Version6.0.3
Ssh ≫ Tectia Client Version6.0.4
Ssh ≫ Tectia Connector Version4.0.7
Ssh ≫ Tectia Connector Version4.1.2
Ssh ≫ Tectia Connector Version4.1.3
Ssh ≫ Tectia Connector Version4.1.5
Ssh ≫ Tectia Connector Version4.2.0
Ssh ≫ Tectia Connector Version4.3.0
Ssh ≫ Tectia Connector Version4.3.4
Ssh ≫ Tectia Connector Version4.3.5
Ssh ≫ Tectia Connector Version4.4.0
Ssh ≫ Tectia Connector Version4.4.2
Ssh ≫ Tectia Connector Version4.4.4
Ssh ≫ Tectia Connector Version4.4.6
Ssh ≫ Tectia Connector Version4.4.7
Ssh ≫ Tectia Connector Version4.4.9
Ssh ≫ Tectia Connector Version4.4.10
Ssh ≫ Tectia Connector Version5.0.0
Ssh ≫ Tectia Connector Version5.0.1
Ssh ≫ Tectia Connector Version5.0.2
Ssh ≫ Tectia Connector Version5.0.3
Ssh ≫ Tectia Connector Version5.1.0
Ssh ≫ Tectia Connector Version5.1.1
Ssh ≫ Tectia Connector Version5.1.2
Ssh ≫ Tectia Connector Version5.1.3
Ssh ≫ Tectia Connector Version5.2.2
Ssh ≫ Tectia Connector Version5.3.0
Ssh ≫ Tectia Connector Version5.3.1
Ssh ≫ Tectia Connector Version5.3.2
Ssh ≫ Tectia Connector Version5.3.3
Ssh ≫ Tectia Connector Version5.3.7
Ssh ≫ Tectia Connector Version5.3.8
Ssh ≫ Tectia Connectsecure Version6.0.0
Ssh ≫ Tectia Connectsecure Version6.0.1
Ssh ≫ Tectia Connectsecure Version6.0.2
Ssh ≫ Tectia Connectsecure Version6.0.3
Ssh ≫ Tectia Connectsecure Version6.0.4
Ssh ≫ Tectia Server Version4.0
Ssh ≫ Tectia Server Version4.0.3
Ssh ≫ Tectia Server Version4.0.4
Ssh ≫ Tectia Server Version4.0.5
Ssh ≫ Tectia Server Version4.0.7
Ssh ≫ Tectia Server Version4.1.2
Ssh ≫ Tectia Server Version4.1.3
Ssh ≫ Tectia Server Version4.1.5
Ssh ≫ Tectia Server Version4.2.0
Ssh ≫ Tectia Server Version4.2.1
Ssh ≫ Tectia Server Version4.2.2
Ssh ≫ Tectia Server Version4.3
Ssh ≫ Tectia Server Version4.3.0
Ssh ≫ Tectia Server Version4.3.1
Ssh ≫ Tectia Server Version4.3.2
Ssh ≫ Tectia Server Version4.3.3
Ssh ≫ Tectia Server Version4.3.4
Ssh ≫ Tectia Server Version4.3.5
Ssh ≫ Tectia Server Version4.3.6
Ssh ≫ Tectia Server Version4.3.7
Ssh ≫ Tectia Server Version4.4
Ssh ≫ Tectia Server Version4.4.0
Ssh ≫ Tectia Server Version4.4.1
Ssh ≫ Tectia Server Version4.4.2
Ssh ≫ Tectia Server Version4.4.4
Ssh ≫ Tectia Server Version4.4.5
Ssh ≫ Tectia Server Version4.4.6
Ssh ≫ Tectia Server Version4.4.7
Ssh ≫ Tectia Server Version4.4.8
Ssh ≫ Tectia Server Version4.4.9
Ssh ≫ Tectia Server Version4.4.10
Ssh ≫ Tectia Server Version4.4.11
Ssh ≫ Tectia Server Version5.0.0
Ssh ≫ Tectia Server Version5.0.1
Ssh ≫ Tectia Server Version5.0.2
Ssh ≫ Tectia Server Version5.0.3
Ssh ≫ Tectia Server Version5.1.0
Ssh ≫ Tectia Server Version5.1.1
Ssh ≫ Tectia Server Version5.1.1 Editionibm_zos
Ssh ≫ Tectia Server Version5.1.2
Ssh ≫ Tectia Server Version5.1.3
Ssh ≫ Tectia Server Version5.2.0
Ssh ≫ Tectia Server Version5.2.0 Editionibm_zos
Ssh ≫ Tectia Server Version5.2.1 Editionibm_zos
Ssh ≫ Tectia Server Version5.2.2
Ssh ≫ Tectia Server Version5.2.2 Editionibm_zos
Ssh ≫ Tectia Server Version5.2.3
Ssh ≫ Tectia Server Version5.2.4
Ssh ≫ Tectia Server Version5.3.0
Ssh ≫ Tectia Server Version5.3.0 Editionibm_zos
Ssh ≫ Tectia Server Version5.3.1
Ssh ≫ Tectia Server Version5.3.2
Ssh ≫ Tectia Server Version5.3.3
Ssh ≫ Tectia Server Version5.3.4
Ssh ≫ Tectia Server Version5.3.5
Ssh ≫ Tectia Server Version5.3.6
Ssh ≫ Tectia Server Version5.3.7
Ssh ≫ Tectia Server Version5.3.8
Ssh ≫ Tectia Server Version5.4.0 Editionibm_zos
Ssh ≫ Tectia Server Version5.4.1 Editionibm_zos
Ssh ≫ Tectia Server Version5.4.2 Editionibm_zos
Ssh ≫ Tectia Server Version5.5.0 Editionibm_zos
Ssh ≫ Tectia Server Version5.5.1 Editionibm_zos
Ssh ≫ Tectia Server Version6.0.0
Ssh ≫ Tectia Server Version6.0.0 Editionibm_zos
Ssh ≫ Tectia Server Version6.0.1
Ssh ≫ Tectia Server Version6.0.1 Editionibm_zos
Ssh ≫ Tectia Server Version6.0.2
Ssh ≫ Tectia Server Version6.0.3
Ssh ≫ Tectia Server Version6.0.4
Ssh ≫ Tectia Server Version6.0.4 Editionlinux_ibm_zos
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.4% | 0.964 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-329 Generation of Predictable IV with CBC Mode
The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://isc.sans.org/diary.html?storyid=5366
http://openssh.org/txt/cbc.adv
http://osvdb.org/49872
http://osvdb.org/50035
http://osvdb.org/50036
http://rhn.redhat.com/errata/RHSA-2009-1287.html
http://secunia.com/advisories/32740
http://secunia.com/advisories/32760
http://secunia.com/advisories/32833
http://secunia.com/advisories/33121
http://secunia.com/advisories/33308
http://secunia.com/advisories/34857
http://secunia.com/advisories/36558
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://support.attachmate.com/techdocs/2398.html
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://www.kb.cert.org/vuls/id/958563
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
http://www.securityfocus.com/archive/1/498558/100/0/threaded
http://www.securityfocus.com/archive/1/498579/100/0/threaded
http://www.securityfocus.com/bid/32319
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://www.securitytracker.com/id?1021382
http://www.ssh.com/company/news/article/953/
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3409
http://www.vupen.com/english/advisories/2009/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279