CVE-2008-5161

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Published : 2008-11-19 17:30 Updated : 2018-10-11 20:54

2.6
CVSS Score More info
Score 2.6 / 10
2.6
Vendor Product Version URI
Ssh Tectia Client 4.3.8k cpe:/a:ssh:tectia_client:4.3.8k
Ssh Tectia Connector 5.3.0 cpe:/a:ssh:tectia_connector:5.3.0
Ssh Tectia Connector 5.3.1 cpe:/a:ssh:tectia_connector:5.3.1
Ssh Tectia Connector 5.3.2 cpe:/a:ssh:tectia_connector:5.3.2
Ssh Tectia Connector 5.3.3 cpe:/a:ssh:tectia_connector:5.3.3
Ssh Tectia Client 5.0.2f cpe:/a:ssh:tectia_client:5.0.2f
Ssh Tectia Connector 4.1.3 cpe:/a:ssh:tectia_connector:4.1.3
Ssh Tectia Server 4.4 cpe:/a:ssh:tectia_server:4.4
Ssh Tectia Connector 4.1.5 cpe:/a:ssh:tectia_connector:4.1.5
Ssh Tectia Server 5.3.3 cpe:/a:ssh:tectia_server:5.3.3
Ssh Tectia Server 5.3.2 cpe:/a:ssh:tectia_server:5.3.2
Ssh Tectia Connector 4.1.2 cpe:/a:ssh:tectia_connector:4.1.2
Ssh Tectia Server 4.3 cpe:/a:ssh:tectia_server:4.3
Ssh Tectia Connector 4.3.5 cpe:/a:ssh:tectia_connector:4.3.5
Ssh Tectia Server 5.3.1 cpe:/a:ssh:tectia_server:5.3.1
Ssh Tectia Server 5.3.0 cpe:/a:ssh:tectia_server:5.3.0
Ssh Tectia Server 4.0 cpe:/a:ssh:tectia_server:4.0
Ssh Tectia Server 4.4.5 cpe:/a:ssh:tectia_server:4.4.5
Ssh Tectia Client 5.2.2 cpe:/a:ssh:tectia_client:5.2.2
Ssh Tectia Client 6.0.1 cpe:/a:ssh:tectia_client:6.0.1
Ssh Tectia Server 4.4.4 cpe:/a:ssh:tectia_server:4.4.4
Ssh Tectia Client 5.2.1 cpe:/a:ssh:tectia_client:5.2.1
Ssh Tectia Client 6.0.0 cpe:/a:ssh:tectia_client:6.0.0
Ssh Tectia Server 5.4.0 cpe:/a:ssh:tectia_server:5.4.0::ibm_zos
Ssh Tectia Server 5.4.1 cpe:/a:ssh:tectia_server:5.4.1::ibm_zos
Ssh Tectia Server 5.4.2 cpe:/a:ssh:tectia_server:5.4.2::ibm_zos
Ssh Tectia Server 4.4.9 cpe:/a:ssh:tectia_server:4.4.9
Ssh Tectia Server 4.4.8 cpe:/a:ssh:tectia_server:4.4.8
Ssh Tectia Server 4.2.1 cpe:/a:ssh:tectia_server:4.2.1
Ssh Tectia Client 5.2.4 cpe:/a:ssh:tectia_client:5.2.4
Ssh Tectia Server 4.2.0 cpe:/a:ssh:tectia_server:4.2.0
Ssh Tectia Client 5.2.3 cpe:/a:ssh:tectia_client:5.2.3
Ssh Tectia Client 4.0.3 cpe:/a:ssh:tectia_client:4.0.3
Ssh Tectia Server 4.2.2 cpe:/a:ssh:tectia_server:4.2.2
Ssh Tectia Client 5.0.3f cpe:/a:ssh:tectia_client:5.0.3f
Ssh Tectia Client 4.0.4 cpe:/a:ssh:tectia_client:4.0.4
Ssh Tectia Client 4.0.5 cpe:/a:ssh:tectia_client:4.0.5
Ssh Tectia Client 4.4.1 cpe:/a:ssh:tectia_client:4.4.1
Ssh Tectia Client 4.0.1 cpe:/a:ssh:tectia_client:4.0.1
Ssh Tectia Client 5.0.0f cpe:/a:ssh:tectia_client:5.0.0f
Ssh Tectia Client 4.4.2 cpe:/a:ssh:tectia_client:4.4.2
Ssh Tectia Client 4.4.10 cpe:/a:ssh:tectia_client:4.4.10
Ssh Tectia Client 4.4.3 cpe:/a:ssh:tectia_client:4.4.3
Ssh Tectia Client 5.2.0 cpe:/a:ssh:tectia_client:5.2.0
Ssh Tectia Client 6.0.3 cpe:/a:ssh:tectia_client:6.0.3
Ssh Tectia Client 6.0.2 cpe:/a:ssh:tectia_client:6.0.2
Ssh Tectia Client 4.4.11 cpe:/a:ssh:tectia_client:4.4.11
Ssh Tectia Client 6.0.4 cpe:/a:ssh:tectia_client:6.0.4
Ssh Tectia Server 4.4.7 cpe:/a:ssh:tectia_server:4.4.7
Ssh Tectia Server 4.4.6 cpe:/a:ssh:tectia_server:4.4.6
Ssh Tectia Connectsecure 6.0.4 cpe:/a:ssh:tectia_connectsecure:6.0.4
Ssh Tectia Connector 5.2.2 cpe:/a:ssh:tectia_connector:5.2.2
Ssh Tectia Connectsecure 6.0.1 cpe:/a:ssh:tectia_connectsecure:6.0.1
Ssh Tectia Connectsecure 6.0.0 cpe:/a:ssh:tectia_connectsecure:6.0.0
Ssh Tectia Client 4.3.2j cpe:/a:ssh:tectia_client:4.3.2j
Ssh Tectia Connectsecure 6.0.3 cpe:/a:ssh:tectia_connectsecure:6.0.3
Ssh Tectia Connectsecure 6.0.2 cpe:/a:ssh:tectia_connectsecure:6.0.2
Ssh Tectia Connector 4.4.0 cpe:/a:ssh:tectia_connector:4.4.0
Ssh Tectia Server 5.0.2 cpe:/a:ssh:tectia_server:5.0.2
Ssh Tectia Server 5.0.1 cpe:/a:ssh:tectia_server:5.0.1
Ssh Tectia Connector 4.0.7 cpe:/a:ssh:tectia_connector:4.0.7
Ssh Tectia Connector 4.4.2 cpe:/a:ssh:tectia_connector:4.4.2
Ssh Tectia Server 5.0.0 cpe:/a:ssh:tectia_server:5.0.0
Ssh Tectia Server 5.0.3 cpe:/a:ssh:tectia_server:5.0.3
Ssh Tectia Server 4.3.6 cpe:/a:ssh:tectia_server:4.3.6
Ssh Tectia Client 5.1.3 cpe:/a:ssh:tectia_client:5.1.3
Ssh Tectia Server 4.3.5 cpe:/a:ssh:tectia_server:4.3.5
Ssh Tectia Client 5.1.2 cpe:/a:ssh:tectia_client:5.1.2
Ssh Tectia Server 5.5.0 cpe:/a:ssh:tectia_server:5.5.0::ibm_zos
Ssh Tectia Server 5.5.1 cpe:/a:ssh:tectia_server:5.5.1::ibm_zos
Ssh Tectia Server 4.1.2 cpe:/a:ssh:tectia_server:4.1.2
Ssh Tectia Server 4.1.5 cpe:/a:ssh:tectia_server:4.1.5
Ssh Tectia Server 4.1.3 cpe:/a:ssh:tectia_server:4.1.3
Ssh Tectia Server 5.1.1 cpe:/a:ssh:tectia_server:5.1.1::ibm_zos
Ssh Tectia Client 4.3.1 cpe:/a:ssh:tectia_client:4.3.1
Ssh Tectia Client 4.3.2 cpe:/a:ssh:tectia_client:4.3.2
Ssh Tectia Client 5.3.7 cpe:/a:ssh:tectia_client:5.3.7
Ssh Tectia Client 5.3.6 cpe:/a:ssh:tectia_client:5.3.6
Ssh Tectia Client 4.3.3 cpe:/a:ssh:tectia_client:4.3.3
Ssh Tectia Client 4.3.4 cpe:/a:ssh:tectia_client:4.3.4
Ssh Tectia Client 5.3.8 cpe:/a:ssh:tectia_client:5.3.8
Ssh Tectia Client 5.1.1 cpe:/a:ssh:tectia_client:5.1.1
Ssh Tectia Client 5.1.0 cpe:/a:ssh:tectia_client:5.1.0
Ssh Tectia Client 5.3.5 cpe:/a:ssh:tectia_client:5.3.5
Ssh Tectia Server 4.3.7 cpe:/a:ssh:tectia_server:4.3.7
Ssh Tectia Connector 5.1.2 cpe:/a:ssh:tectia_connector:5.1.2
Ssh Tectia Connector 5.1.3 cpe:/a:ssh:tectia_connector:5.1.3
Ssh Tectia Connector 5.1.0 cpe:/a:ssh:tectia_connector:5.1.0
Ssh Tectia Connector 5.1.1 cpe:/a:ssh:tectia_connector:5.1.1
Ssh Tectia Connector 5.3.8 cpe:/a:ssh:tectia_connector:5.3.8
Ssh Tectia Server 5.3.7 cpe:/a:ssh:tectia_server:5.3.7
Ssh Tectia Server 5.3.6 cpe:/a:ssh:tectia_server:5.3.6
Ssh Tectia Connector 5.3.7 cpe:/a:ssh:tectia_connector:5.3.7
Ssh Tectia Server 5.3.5 cpe:/a:ssh:tectia_server:5.3.5
Ssh Tectia Server 5.3.4 cpe:/a:ssh:tectia_server:5.3.4
Ssh Tectia Server 5.1.1 cpe:/a:ssh:tectia_server:5.1.1
Ssh Tectia Connector 4.4.10 cpe:/a:ssh:tectia_connector:4.4.10
Ssh Tectia Server 5.1.0 cpe:/a:ssh:tectia_server:5.1.0
Ssh Tectia Connector 4.3.4 cpe:/a:ssh:tectia_connector:4.3.4
Ssh Tectia Server 5.3.8 cpe:/a:ssh:tectia_server:5.3.8
Ssh Tectia Connector 4.3.0 cpe:/a:ssh:tectia_connector:4.3.0
Ssh Tectia Server 5.1.3 cpe:/a:ssh:tectia_server:5.1.3
Ssh Tectia Server 5.1.2 cpe:/a:ssh:tectia_server:5.1.2
Ssh Tectia Server 6.0.3 cpe:/a:ssh:tectia_server:6.0.3
Ssh Tectia Server 5.2.1 cpe:/a:ssh:tectia_server:5.2.1::ibm_zos
Ssh Tectia Server 6.0.0 cpe:/a:ssh:tectia_server:6.0.0::ibm_zos
Ssh Tectia Client 5.0.3 cpe:/a:ssh:tectia_client:5.0.3
Ssh Tectia Server 6.0.2 cpe:/a:ssh:tectia_server:6.0.2
Ssh Tectia Server 5.2.2 cpe:/a:ssh:tectia_server:5.2.2::ibm_zos
Ssh Tectia Server 6.0.1 cpe:/a:ssh:tectia_server:6.0.1::ibm_zos
Ssh Tectia Client 4.4.6 cpe:/a:ssh:tectia_client:4.4.6
Ssh Tectia Client 4.4.7 cpe:/a:ssh:tectia_client:4.4.7
Ssh Tectia Client 5.0.0 cpe:/a:ssh:tectia_client:5.0.0
Ssh Tectia Server 4.0.3 cpe:/a:ssh:tectia_server:4.0.3
Ssh Tectia Server 6.0.4 cpe:/a:ssh:tectia_server:6.0.4
Ssh Tectia Client 4.4.8 cpe:/a:ssh:tectia_client:4.4.8
Ssh Tectia Client 4.4.9 cpe:/a:ssh:tectia_client:4.4.9
Ssh Tectia Server 4.0.7 cpe:/a:ssh:tectia_server:4.0.7
Ssh Tectia Server 6.0.1 cpe:/a:ssh:tectia_server:6.0.1
Ssh Tectia Client 4.2.1 cpe:/a:ssh:tectia_client:4.2.1
Ssh Tectia Server 4.4.2 cpe:/a:ssh:tectia_server:4.4.2
Ssh Tectia Server 6.0.0 cpe:/a:ssh:tectia_server:6.0.0
Ssh Tectia Client 4.4.4 cpe:/a:ssh:tectia_client:4.4.4
Ssh Tectia Server 4.4.1 cpe:/a:ssh:tectia_server:4.4.1
Ssh Tectia Server 4.0.5 cpe:/a:ssh:tectia_server:4.0.5
Ssh Tectia Server 4.0.4 cpe:/a:ssh:tectia_server:4.0.4
Ssh Tectia Server 4.4.0 cpe:/a:ssh:tectia_server:4.4.0
Ssh Tectia Server 5.2.0 cpe:/a:ssh:tectia_server:5.2.0::ibm_zos
Ssh Tectia Server 4.4.10 cpe:/a:ssh:tectia_server:4.4.10
Ssh Tectia Client 5.0.2 cpe:/a:ssh:tectia_client:5.0.2
Ssh Tectia Client 5.0.1 cpe:/a:ssh:tectia_client:5.0.1
Ssh Tectia Connector 4.4.7 cpe:/a:ssh:tectia_connector:4.4.7
Ssh Tectia Connector 5.0.3 cpe:/a:ssh:tectia_connector:5.0.3
Ssh Tectia Connector 4.4.6 cpe:/a:ssh:tectia_connector:4.4.6
Ssh Tectia Connector 5.0.0 cpe:/a:ssh:tectia_connector:5.0.0
Ssh Tectia Connector 5.0.1 cpe:/a:ssh:tectia_connector:5.0.1
Ssh Tectia Connector 5.0.2 cpe:/a:ssh:tectia_connector:5.0.2
Ssh Tectia Server 4.4.11 cpe:/a:ssh:tectia_server:4.4.11
Ssh Tectia Server 5.2.0 cpe:/a:ssh:tectia_server:5.2.0
Ssh Tectia Client 5.0.1f cpe:/a:ssh:tectia_client:5.0.1f
Ssh Tectia Connector 4.4.9 cpe:/a:ssh:tectia_connector:4.4.9
Ssh Tectia Server 5.2.4 cpe:/a:ssh:tectia_server:5.2.4
Ssh Tectia Server 5.2.3 cpe:/a:ssh:tectia_server:5.2.3
Ssh Tectia Connector 4.2.0 cpe:/a:ssh:tectia_connector:4.2.0
Ssh Tectia Connector 4.4.4 cpe:/a:ssh:tectia_connector:4.4.4
Ssh Tectia Server 5.2.2 cpe:/a:ssh:tectia_server:5.2.2
Ssh Tectia Client 4.3.1j cpe:/a:ssh:tectia_client:4.3.1j
Ssh Tectia Client 5.3.1 cpe:/a:ssh:tectia_client:5.3.1
Ssh Tectia Server 5.3.0 cpe:/a:ssh:tectia_server:5.3.0::ibm_zos
Ssh Tectia Client 5.3.0 cpe:/a:ssh:tectia_client:5.3.0
Ssh Tectia Client 4.3.7 cpe:/a:ssh:tectia_client:4.3.7
Ssh Tectia Client 4.3 cpe:/a:ssh:tectia_client:4.3
Ssh Tectia Client 4.2 cpe:/a:ssh:tectia_client:4.2
Ssh Tectia Server 4.3.0 cpe:/a:ssh:tectia_server:4.3.0
Ssh Tectia Client 5.3.3 cpe:/a:ssh:tectia_client:5.3.3
Openbsd Openssh 4.7p1 cpe:/a:openbsd:openssh:4.7p1
Ssh Tectia Client 5.3.2 cpe:/a:ssh:tectia_client:5.3.2
Ssh Tectia Client 4.3.9k cpe:/a:ssh:tectia_client:4.3.9k
Ssh Tectia Server 4.3.4 cpe:/a:ssh:tectia_server:4.3.4
Ssh Tectia Server 4.3.3 cpe:/a:ssh:tectia_server:4.3.3
Ssh Tectia Client 4.3.5 cpe:/a:ssh:tectia_client:4.3.5
Ssh Tectia Server 4.3.2 cpe:/a:ssh:tectia_server:4.3.2
Ssh Tectia Client 4.3.6 cpe:/a:ssh:tectia_client:4.3.6
Ssh Tectia Server 4.3.1 cpe:/a:ssh:tectia_server:4.3.1
Ssh Tectia Client 4.0 cpe:/a:ssh:tectia_client:4.0
Ssh Tectia Server 6.0.4 cpe:/a:ssh:tectia_server:6.0.4::linux_ibm_zos
Ssh Tectia Client 4.4 cpe:/a:ssh:tectia_client:4.4
  1. Openbsd (1) Search CVE
    1. Openssh (1) Search CVE
      1. 4.7p1
  2. Ssh (4) Search CVE
    1. Tectia Client (60) Search CVE
      1. 4.3.8k
      2. 5.0.2f
      3. 5.2.2
      4. 6.0.1
      5. 5.2.1
      6. 6.0.0
      7. 5.2.4
      8. 5.2.3
      9. 4.0.3
      10. 5.0.3f
      11. 4.0.4
      12. 4.0.5
      13. 4.4.1
      14. 4.0.1
      15. 5.0.0f
      16. 4.4.2
      17. 4.4.10
      18. 4.4.3
      19. 5.2.0
      20. 6.0.3
      21. 6.0.2
      22. 4.4.11
      23. 6.0.4
      24. 4.3.2j
      25. 5.1.3
      26. 5.1.2
      27. 4.3.1
      28. 4.3.2
      29. 5.3.7
      30. 5.3.6
      31. 4.3.3
      32. 4.3.4
      33. 5.3.8
      34. 5.1.1
      35. 5.1.0
      36. 5.3.5
      37. 5.0.3
      38. 4.4.6
      39. 4.4.7
      40. 5.0.0
      41. 4.4.8
      42. 4.4.9
      43. 4.2.1
      44. 4.4.4
      45. 5.0.2
      46. 5.0.1
      47. 5.0.1f
      48. 4.3.1j
      49. 5.3.1
      50. 5.3.0
      51. 4.3.7
      52. 4.3
      53. 4.2
      54. 5.3.3
      55. 5.3.2
      56. 4.3.9k
      57. 4.3.5
      58. 4.3.6
      59. 4.0
      60. 4.4
    2. Tectia Connectsecure (5) Search CVE
      1. 6.0.4
      2. 6.0.1
      3. 6.0.0
      4. 6.0.3
      5. 6.0.2
    3. Tectia Connector (30) Search CVE
      1. 5.3.0
      2. 5.3.1
      3. 5.3.2
      4. 5.3.3
      5. 4.1.3
      6. 4.1.5
      7. 4.1.2
      8. 4.3.5
      9. 5.2.2
      10. 4.4.0
      11. 4.0.7
      12. 4.4.2
      13. 5.1.2
      14. 5.1.3
      15. 5.1.0
      16. 5.1.1
      17. 5.3.8
      18. 5.3.7
      19. 4.4.10
      20. 4.3.4
      21. 4.3.0
      22. 4.4.7
      23. 5.0.3
      24. 4.4.6
      25. 5.0.0
      26. 5.0.1
      27. 5.0.2
      28. 4.4.9
      29. 4.2.0
      30. 4.4.4
    4. Tectia Server (64) Search CVE
      1. 4.4
      2. 5.3.3
      3. 5.3.2
      4. 4.3
      5. 5.3.1
      6. 5.3.0
      7. 4.0
      8. 4.4.5
      9. 4.4.4
      10. 5.4.0
      11. 5.4.1
      12. 5.4.2
      13. 4.4.9
      14. 4.4.8
      15. 4.2.1
      16. 4.2.0
      17. 4.2.2
      18. 4.4.7
      19. 4.4.6
      20. 5.0.2
      21. 5.0.1
      22. 5.0.0
      23. 5.0.3
      24. 4.3.6
      25. 4.3.5
      26. 5.5.0
      27. 5.5.1
      28. 4.1.2
      29. 4.1.5
      30. 4.1.3
      31. 5.1.1
      32. 4.3.7
      33. 5.3.7
      34. 5.3.6
      35. 5.3.5
      36. 5.3.4
      37. 5.1.0
      38. 5.3.8
      39. 5.1.3
      40. 5.1.2
      41. 6.0.3
      42. 5.2.1
      43. 6.0.0
      44. 6.0.2
      45. 5.2.2
      46. 6.0.1
      47. 4.0.3
      48. 6.0.4
      49. 4.0.7
      50. 4.4.2
      51. 4.4.1
      52. 4.0.5
      53. 4.0.4
      54. 4.4.0
      55. 5.2.0
      56. 4.4.10
      57. 4.4.11
      58. 5.2.4
      59. 5.2.3
      60. 4.3.0
      61. 4.3.4
      62. 4.3.3
      63. 4.3.2
      64. 4.3.1

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

References

Source Link
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
BUGTRAQ http://www.securityfocus.com/archive/1/498579/100/0/threaded
BUGTRAQ http://www.securityfocus.com/archive/1/498558/100/0/threaded
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10163
MISC http://isc.sans.org/diary.html?storyid=5366
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
APPLE http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
CONFIRM http://openssh.org/txt/cbc.adv
REDHAT http://rhn.redhat.com/errata/RHSA-2009-1287.html
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
CONFIRM http://support.apple.com/kb/HT3937
CONFIRM http://support.attachmate.com/techdocs/2398.html
MISC http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
MISC http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
CERT-VN http://www.kb.cert.org/vuls/id/958563
CONFIRM http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
BID http://www.securityfocus.com/bid/32319
SECTRACK http://www.securitytracker.com/id?1021235
SECTRACK http://www.securitytracker.com/id?1021236
SECTRACK http://www.securitytracker.com/id?1021382
CONFIRM http://www.ssh.com/company/news/article/953/
VUPEN http://www.vupen.com/english/advisories/2008/3172
VUPEN http://www.vupen.com/english/advisories/2008/3173
VUPEN http://www.vupen.com/english/advisories/2008/3409
VUPEN http://www.vupen.com/english/advisories/2009/1135
VUPEN http://www.vupen.com/english/advisories/2009/3184
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10106
HP http://marc.info/?l=bugtraq&m=125017764422557&w=2