Vulnerability CVE-2008-5161


Published: 2008-11-19   Modified: 2012-02-12

Description:
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Overall CVSS score: 2.6/10
Impact: 2.9/10
Exploitability: 4.9/10

Access required: Remote
Attack complexity: High
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
SSH -> Tectia client 
SSH -> Tectia connector 
SSH -> Tectia connectsecure 
SSH -> Tectia server 
Openssh -> Openssh 
Openbsd -> Openssh 

References:
http://isc.sans.org/diary.html?storyid=5366
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://openssh.org/txt/cbc.adv
http://rhn.redhat.com/errata/RHSA-2009-1287.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://support.apple.com/kb/HT3937
http://support.attachmate.com/techdocs/2398.html
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://www.kb.cert.org/vuls/id/958563
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
http://www.securityfocus.com/archive/1/498558/100/0/threaded
http://www.securityfocus.com/archive/1/498579/100/0/threaded
http://www.securityfocus.com/bid/32319
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://www.securitytracker.com/id?1021382
http://www.ssh.com/company/news/article/953/
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3409
http://www.vupen.com/english/advisories/2009/1135
http://www.vupen.com/english/advisories/2009/3184
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279

Copyright 2024, cxsecurity.com

 
