2.6

CVE-2008-5161

EPSS 3.47%
Veröffentlicht 19.11.2008 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 43

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version4.7p1

Ssh ≫ Tectia Client Version4.0

Ssh ≫ Tectia Client Version4.0.1

Ssh ≫ Tectia Client Version4.0.3

Ssh ≫ Tectia Client Version4.0.4

Ssh ≫ Tectia Client Version4.0.5

Ssh ≫ Tectia Client Version4.2

Ssh ≫ Tectia Client Version4.2.1

Ssh ≫ Tectia Client Version4.3

Ssh ≫ Tectia Client Version4.3.1

Ssh ≫ Tectia Client Version4.3.1j

Ssh ≫ Tectia Client Version4.3.2

Ssh ≫ Tectia Client Version4.3.2j

Ssh ≫ Tectia Client Version4.3.3

Ssh ≫ Tectia Client Version4.3.4

Ssh ≫ Tectia Client Version4.3.5

Ssh ≫ Tectia Client Version4.3.6

Ssh ≫ Tectia Client Version4.3.7

Ssh ≫ Tectia Client Version4.3.8k

Ssh ≫ Tectia Client Version4.3.9k

Ssh ≫ Tectia Client Version4.4

Ssh ≫ Tectia Client Version4.4.1

Ssh ≫ Tectia Client Version4.4.2

Ssh ≫ Tectia Client Version4.4.3

Ssh ≫ Tectia Client Version4.4.4

Ssh ≫ Tectia Client Version4.4.6

Ssh ≫ Tectia Client Version4.4.7

Ssh ≫ Tectia Client Version4.4.8

Ssh ≫ Tectia Client Version4.4.9

Ssh ≫ Tectia Client Version4.4.10

Ssh ≫ Tectia Client Version4.4.11

Ssh ≫ Tectia Client Version5.0.0

Ssh ≫ Tectia Client Version5.0.0f

Ssh ≫ Tectia Client Version5.0.1

Ssh ≫ Tectia Client Version5.0.1f

Ssh ≫ Tectia Client Version5.0.2

Ssh ≫ Tectia Client Version5.0.2f

Ssh ≫ Tectia Client Version5.0.3

Ssh ≫ Tectia Client Version5.0.3f

Ssh ≫ Tectia Client Version5.1.0

Ssh ≫ Tectia Client Version5.1.1

Ssh ≫ Tectia Client Version5.1.2

Ssh ≫ Tectia Client Version5.1.3

Ssh ≫ Tectia Client Version5.2.0

Ssh ≫ Tectia Client Version5.2.1

Ssh ≫ Tectia Client Version5.2.2

Ssh ≫ Tectia Client Version5.2.3

Ssh ≫ Tectia Client Version5.2.4

Ssh ≫ Tectia Client Version5.3.0

Ssh ≫ Tectia Client Version5.3.1

Ssh ≫ Tectia Client Version5.3.2

Ssh ≫ Tectia Client Version5.3.3

Ssh ≫ Tectia Client Version5.3.5

Ssh ≫ Tectia Client Version5.3.6

Ssh ≫ Tectia Client Version5.3.7

Ssh ≫ Tectia Client Version5.3.8

Ssh ≫ Tectia Client Version6.0.0

Ssh ≫ Tectia Client Version6.0.1

Ssh ≫ Tectia Client Version6.0.2

Ssh ≫ Tectia Client Version6.0.3

Ssh ≫ Tectia Client Version6.0.4

Ssh ≫ Tectia Connector Version4.0.7

Ssh ≫ Tectia Connector Version4.1.2

Ssh ≫ Tectia Connector Version4.1.3

Ssh ≫ Tectia Connector Version4.1.5

Ssh ≫ Tectia Connector Version4.2.0

Ssh ≫ Tectia Connector Version4.3.0

Ssh ≫ Tectia Connector Version4.3.4

Ssh ≫ Tectia Connector Version4.3.5

Ssh ≫ Tectia Connector Version4.4.0

Ssh ≫ Tectia Connector Version4.4.2

Ssh ≫ Tectia Connector Version4.4.4

Ssh ≫ Tectia Connector Version4.4.6

Ssh ≫ Tectia Connector Version4.4.7

Ssh ≫ Tectia Connector Version4.4.9

Ssh ≫ Tectia Connector Version4.4.10

Ssh ≫ Tectia Connector Version5.0.0

Ssh ≫ Tectia Connector Version5.0.1

Ssh ≫ Tectia Connector Version5.0.2

Ssh ≫ Tectia Connector Version5.0.3

Ssh ≫ Tectia Connector Version5.1.0

Ssh ≫ Tectia Connector Version5.1.1

Ssh ≫ Tectia Connector Version5.1.2

Ssh ≫ Tectia Connector Version5.1.3

Ssh ≫ Tectia Connector Version5.2.2

Ssh ≫ Tectia Connector Version5.3.0

Ssh ≫ Tectia Connector Version5.3.1

Ssh ≫ Tectia Connector Version5.3.2

Ssh ≫ Tectia Connector Version5.3.3

Ssh ≫ Tectia Connector Version5.3.7

Ssh ≫ Tectia Connector Version5.3.8

Ssh ≫ Tectia Connectsecure Version6.0.0

Ssh ≫ Tectia Connectsecure Version6.0.1

Ssh ≫ Tectia Connectsecure Version6.0.2

Ssh ≫ Tectia Connectsecure Version6.0.3

Ssh ≫ Tectia Connectsecure Version6.0.4

Ssh ≫ Tectia Server Version4.0

Ssh ≫ Tectia Server Version4.0.3

Ssh ≫ Tectia Server Version4.0.4

Ssh ≫ Tectia Server Version4.0.5

Ssh ≫ Tectia Server Version4.0.7

Ssh ≫ Tectia Server Version4.1.2

Ssh ≫ Tectia Server Version4.1.3

Ssh ≫ Tectia Server Version4.1.5

Ssh ≫ Tectia Server Version4.2.0

Ssh ≫ Tectia Server Version4.2.1

Ssh ≫ Tectia Server Version4.2.2

Ssh ≫ Tectia Server Version4.3

Ssh ≫ Tectia Server Version4.3.0

Ssh ≫ Tectia Server Version4.3.1

Ssh ≫ Tectia Server Version4.3.2

Ssh ≫ Tectia Server Version4.3.3

Ssh ≫ Tectia Server Version4.3.4

Ssh ≫ Tectia Server Version4.3.5

Ssh ≫ Tectia Server Version4.3.6

Ssh ≫ Tectia Server Version4.3.7

Ssh ≫ Tectia Server Version4.4

Ssh ≫ Tectia Server Version4.4.0

Ssh ≫ Tectia Server Version4.4.1

Ssh ≫ Tectia Server Version4.4.2

Ssh ≫ Tectia Server Version4.4.4

Ssh ≫ Tectia Server Version4.4.5

Ssh ≫ Tectia Server Version4.4.6

Ssh ≫ Tectia Server Version4.4.7

Ssh ≫ Tectia Server Version4.4.8

Ssh ≫ Tectia Server Version4.4.9

Ssh ≫ Tectia Server Version4.4.10

Ssh ≫ Tectia Server Version4.4.11

Ssh ≫ Tectia Server Version5.0.0

Ssh ≫ Tectia Server Version5.0.1

Ssh ≫ Tectia Server Version5.0.2

Ssh ≫ Tectia Server Version5.0.3

Ssh ≫ Tectia Server Version5.1.0

Ssh ≫ Tectia Server Version5.1.1

Ssh ≫ Tectia Server Version5.1.1 Editionibm_zos

Ssh ≫ Tectia Server Version5.1.2

Ssh ≫ Tectia Server Version5.1.3

Ssh ≫ Tectia Server Version5.2.0

Ssh ≫ Tectia Server Version5.2.0 Editionibm_zos

Ssh ≫ Tectia Server Version5.2.1 Editionibm_zos

Ssh ≫ Tectia Server Version5.2.2

Ssh ≫ Tectia Server Version5.2.2 Editionibm_zos

Ssh ≫ Tectia Server Version5.2.3

Ssh ≫ Tectia Server Version5.2.4

Ssh ≫ Tectia Server Version5.3.0

Ssh ≫ Tectia Server Version5.3.0 Editionibm_zos

Ssh ≫ Tectia Server Version5.3.1

Ssh ≫ Tectia Server Version5.3.2

Ssh ≫ Tectia Server Version5.3.3

Ssh ≫ Tectia Server Version5.3.4

Ssh ≫ Tectia Server Version5.3.5

Ssh ≫ Tectia Server Version5.3.6

Ssh ≫ Tectia Server Version5.3.7

Ssh ≫ Tectia Server Version5.3.8

Ssh ≫ Tectia Server Version5.4.0 Editionibm_zos

Ssh ≫ Tectia Server Version5.4.1 Editionibm_zos

Ssh ≫ Tectia Server Version5.4.2 Editionibm_zos

Ssh ≫ Tectia Server Version5.5.0 Editionibm_zos

Ssh ≫ Tectia Server Version5.5.1 Editionibm_zos

Ssh ≫ Tectia Server Version6.0.0

Ssh ≫ Tectia Server Version6.0.0 Editionibm_zos

Ssh ≫ Tectia Server Version6.0.1

Ssh ≫ Tectia Server Version6.0.1 Editionibm_zos

Ssh ≫ Tectia Server Version6.0.2

Ssh ≫ Tectia Server Version6.0.3

Ssh ≫ Tectia Server Version6.0.4

Ssh ≫ Tectia Server Version6.0.4 Editionlinux_ibm_zos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.47%	0.871

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://support.apple.com/kb/HT3937

http://www.vupen.com/english/advisories/2009/3184

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://isc.sans.org/diary.html?storyid=5366

http://openssh.org/txt/cbc.adv

http://osvdb.org/49872

http://osvdb.org/50035

http://osvdb.org/50036

http://rhn.redhat.com/errata/RHSA-2009-1287.html

http://secunia.com/advisories/32740

Vendor Advisory

http://secunia.com/advisories/32760

Vendor Advisory

http://secunia.com/advisories/32833

http://secunia.com/advisories/33121

http://secunia.com/advisories/33308

http://secunia.com/advisories/34857

http://secunia.com/advisories/36558

http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

http://support.attachmate.com/techdocs/2398.html

http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm

http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

http://www.kb.cert.org/vuls/id/958563

US Government Resource

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html

http://www.securityfocus.com/archive/1/498558/100/0/threaded

http://www.securityfocus.com/archive/1/498579/100/0/threaded

http://www.securityfocus.com/bid/32319

http://www.securitytracker.com/id?1021235

http://www.securitytracker.com/id?1021236

http://www.securitytracker.com/id?1021382

http://www.ssh.com/company/news/article/953/

Vendor Advisory

http://www.vupen.com/english/advisories/2008/3172

http://www.vupen.com/english/advisories/2008/3173

http://www.vupen.com/english/advisories/2008/3409

http://www.vupen.com/english/advisories/2009/1135

https://exchange.xforce.ibmcloud.com/vulnerabilities/46620

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

https://kc.mcafee.com/corporate/index?page=content&id=SB10106

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

https://nvd.nist.gov/vuln/detail/CVE-2008-5161

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5161

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5161

EUVD