GHSA-C9PJ-MWPH-2XJM
Vulnerability from github – Published: 2022-05-14 02:40 – Updated: 2025-04-09 04:00
VLAI?
Details
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2008-5161"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-19T17:30:00Z",
"severity": "LOW"
},
"details": "Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.",
"id": "GHSA-c9pj-mwph-2xjm",
"modified": "2025-04-09T04:00:54Z",
"published": "2022-05-14T02:40:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5161"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46620"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279"
},
{
"type": "WEB",
"url": "http://isc.sans.org/diary.html?storyid=5366"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=125017764422557\u0026w=2"
},
{
"type": "WEB",
"url": "http://openssh.org/txt/cbc.adv"
},
{
"type": "WEB",
"url": "http://osvdb.org/49872"
},
{
"type": "WEB",
"url": "http://osvdb.org/50035"
},
{
"type": "WEB",
"url": "http://osvdb.org/50036"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1287.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32740"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32760"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32833"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/33121"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/33308"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34857"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36558"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3937"
},
{
"type": "WEB",
"url": "http://support.attachmate.com/techdocs/2398.html"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm"
},
{
"type": "WEB",
"url": "http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/958563"
},
{
"type": "WEB",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/498558/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/498579/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32319"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021235"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021236"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021382"
},
{
"type": "WEB",
"url": "http://www.ssh.com/company/news/article/953"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/3172"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/3173"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/3409"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1135"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3184"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…