CVE-2008-5161: Infoleak
First published: Wed Nov 19 2008(Updated: )
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SSH Tectia Server | =5.0.3 | |
| SSH Tectia Connector | =4.4.2 | |
| SSH Tectia Client | =5.0.3f | |
| SSH Tectia Server | =4.4.6 | |
| SSH Tectia Client | =5.0.2 | |
| SSH Tectia Server | =5.2.0 | |
| SSH Tectia Connector | =4.3.0 | |
| SSH Tectia Server | =4.3 | |
| SSH Tectia Client | =5.2.3 | |
| SSH Tectia Server | =5.3.0 | |
| SSH Tectia Client | =4.0.3 | |
| SSH Tectia Client | =4.3.4 | |
| SSH Tectia Server | =5.1.3 | |
| SSH Tectia Server | =5.3.4 | |
| SSH Tectia Server | =5.3.5 | |
| SSH Tectia Client | =5.0.0f | |
| SSH Tectia Client | =4.4.6 | |
| SSH Tectia Connector | =4.2.0 | |
| SSH Tectia Connector | =4.3.5 | |
| SSH Tectia Server | =5.1.1 | |
| SSH Tectia Server | =4.2.1 | |
| SSH Tectia Connector | =5.0.1 | |
| SSH Tectia Server | =4.2.0 | |
| SSH Tectia Server | =4.0.7 | |
| SSH Tectia Connector | =4.1.3 | |
| SSH Tectia Server | =5.3.8 | |
| SSH Tectia Client | =4.3.6 | |
| SSH Tectia Client | =5.0.1f | |
| SSH Tectia Client | =4.4.1 | |
| SSH Tectia Client | =5.0.2f | |
| SSH Tectia Client | =6.0.2 | |
| SSH Tectia Client | =4.3.1j | |
| SSH Tectia Server | =5.4.0 | |
| SSH Tectia Server | =5.5.1 | |
| SSH Tectia Server | =6.0.0 | |
| SSH Tectia Connector | =5.1.0 | |
| SSH Tectia Server | =5.0.2 | |
| SSH Tectia Connector | =5.3.1 | |
| SSH Tectia Client | =6.0.4 | |
| SSH Tectia Server | =5.3.2 | |
| SSH Tectia Server | =4.4.7 | |
| SSH Tectia ConnectSecure | =6.0.4 | |
| SSH Tectia Client | =5.3.2 | |
| SSH Tectia Client | =4.3.1 | |
| SSH Tectia Server | =5.2.2 | |
| SSH Tectia Server | =4.3.0 | |
| SSH Tectia Server | =4.4.0 | |
| SSH Tectia Server | =6.0.4 | |
| SSH Tectia Client | =5.2.1 | |
| SSH Tectia Connector | =4.4.9 | |
| SSH Tectia Client | =4.3.5 | |
| SSH Tectia Server | =4.4.1 | |
| SSH Tectia Client | =5.1.2 | |
| SSH Tectia Server | =6.0.1 | |
| SSH Tectia Server | =5.2.1 | |
| SSH Tectia Server | =5.0.0 | |
| SSH Tectia Client | =4.4.4 | |
| SSH Tectia Server | =4.3.7 | |
| SSH Tectia Server | =5.2.3 | |
| SSH Tectia Connector | =5.1.2 | |
| SSH Tectia Server | =4.4.4 | |
| SSH Tectia Server | =4.0 | |
| SSH Tectia ConnectSecure | =6.0.2 | |
| SSH Tectia Connector | =4.4.10 | |
| SSH Tectia Client | =4.0.4 | |
| SSH Tectia Connector | =5.3.0 | |
| SSH Tectia Connector | =5.1.1 | |
| SSH Tectia Connector | =5.0.3 | |
| SSH Tectia Client | =4.4.11 | |
| SSH Tectia Connector | =4.1.2 | |
| SSH Tectia Client | =5.1.3 | |
| SSH Tectia Client | =5.3.3 | |
| SSH Tectia Client | =4.4 | |
| SSH Tectia Client | =5.0.3 | |
| SSH Tectia Client | =5.2.2 | |
| SSH Tectia Server | =4.4.5 | |
| SSH Tectia Client | =4.3.2j | |
| SSH Tectia Server | =4.3.6 | |
| SSH Tectia Client | =4.3.8k | |
| SSH Tectia Server | =4.3.3 | |
| SSH Tectia Connector | =4.0.7 | |
| SSH Tectia Client | =5.3.5 | |
| SSH Tectia Client | =4.3.2 | |
| SSH Tectia Connector | =4.4.0 | |
| SSH Tectia Connector | =5.3.2 | |
| SSH Tectia Client | =5.3.8 | |
| SSH Tectia Connector | =4.3.4 | |
| SSH Tectia Client | =5.1.0 | |
| SSH Tectia Client | =5.2.0 | |
| SSH Tectia Client | =4.3.9k | |
| SSH Tectia Server | =4.3.2 | |
| SSH Tectia Server | =4.0.4 | |
| OpenSSH | =4.7p1 | |
| SSH Tectia Connector | =5.3.3 | |
| SSH Tectia Client | =4.4.7 | |
| SSH Tectia Server | =5.4.1 | |
| SSH Tectia Connector | =4.1.5 | |
| SSH Tectia Server | =4.3.5 | |
| SSH Tectia Server | =6.0.3 | |
| SSH Tectia Server | =5.3.3 | |
| SSH Tectia Server | =4.4.11 | |
| SSH Tectia Client | =4.0.1 | |
| SSH Tectia Server | =4.0.3 | |
| SSH Tectia Client | =4.2.1 | |
| SSH Tectia Server | =5.1.2 | |
| SSH Tectia Connector | =4.4.4 | |
| SSH Tectia Client | =4.2 | |
| SSH Tectia Connector | =5.3.8 | |
| SSH Tectia Server | =4.4.10 | |
| SSH Tectia Server | =5.1.0 | |
| SSH Tectia Connector | =5.3.7 | |
| SSH Tectia Client | =5.0.0 | |
| SSH Tectia ConnectSecure | =6.0.0 | |
| SSH Tectia Connector | =4.4.7 | |
| SSH Tectia Connector | =4.4.6 | |
| SSH Tectia Client | =4.4.2 | |
| SSH Tectia ConnectSecure | =6.0.3 | |
| SSH Tectia Client | =4.4.10 | |
| SSH Tectia Connector | =5.0.2 | |
| SSH Tectia Server | =5.0.1 | |
| SSH Tectia Client | =4.3.3 | |
| SSH Tectia Server | =4.1.2 | |
| SSH Tectia Client | =5.3.7 | |
| SSH Tectia Server | =6.0.0 | |
| SSH Tectia Server | =5.3.0 | |
| SSH Tectia Server | =4.1.3 | |
| SSH Tectia Server | =5.2.2 | |
| SSH Tectia Client | =6.0.3 | |
| SSH Tectia Client | =4.4.8 | |
| SSH Tectia ConnectSecure | =6.0.1 | |
| SSH Tectia Server | =5.3.6 | |
| SSH Tectia Client | =4.4.3 | |
| SSH Tectia Connector | =5.0.0 | |
| SSH Tectia Client | =4.3 | |
| SSH Tectia Server | =4.2.2 | |
| SSH Tectia Server | =5.2.0 | |
| SSH Tectia Connector | =5.1.3 | |
| SSH Tectia Server | =5.1.1 | |
| SSH Tectia Server | =4.3.4 | |
| SSH Tectia Server | =4.4.8 | |
| SSH Tectia Server | =4.3.1 | |
| SSH Tectia Server | =4.0.5 | |
| SSH Tectia Server | =5.3.7 | |
| SSH Tectia Client | =6.0.1 | |
| SSH Tectia Server | =5.5.0 | |
| SSH Tectia Connector | =5.2.2 | |
| SSH Tectia Client | =6.0.0 | |
| SSH Tectia Client | =4.3.7 | |
| SSH Tectia Client | =4.4.9 | |
| SSH Tectia Server | =4.4.9 | |
| SSH Tectia Server | =5.2.4 | |
| SSH Tectia Server | =6.0.4 | |
| SSH Tectia Client | =4.0 | |
| SSH Tectia Client | =5.2.4 | |
| SSH Tectia Client | =5.1.1 | |
| SSH Tectia Client | =5.3.1 | |
| SSH Tectia Server | =4.4.2 | |
| SSH Tectia Client | =5.0.1 | |
| SSH Tectia Client | =5.3.0 | |
| SSH Tectia Server | =6.0.1 | |
| SSH Tectia Server | =5.4.2 | |
| SSH Tectia Server | =4.1.5 | |
| SSH Tectia Server | =6.0.2 | |
| SSH Tectia Client | =4.0.5 | |
| SSH Tectia Server | =5.3.1 | |
| SSH Tectia Client | =5.3.6 | |
| SSH Tectia Server | =4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/49872
- http://www.ssh.com/company/news/article/953/
- http://secunia.com/advisories/32760
- http://www.securitytracker.com/id?1021235
- http://www.securitytracker.com/id?1021236
- http://secunia.com/advisories/32740
- http://isc.sans.org/diary.html?storyid=5366
- http://www.securityfocus.com/bid/32319
- http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
- http://openssh.org/txt/cbc.adv
- http://support.attachmate.com/techdocs/2398.html
- http://www.kb.cert.org/vuls/id/958563
- http://secunia.com/advisories/32833
- http://osvdb.org/50035
- http://osvdb.org/50036
- http://secunia.com/advisories/33308
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
- http://www.securitytracker.com/id?1021382
- http://secunia.com/advisories/33121
- http://secunia.com/advisories/34857
- http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
- http://www.vupen.com/english/advisories/2009/1135
- http://marc.info/?l=bugtraq&m=125017764422557&w=2
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://support.apple.com/kb/HT3937
- http://www.vupen.com/english/advisories/2009/3184
- http://www.vupen.com/english/advisories/2008/3173
- http://www.vupen.com/english/advisories/2008/3172
- http://www.vupen.com/english/advisories/2008/3409
- http://secunia.com/advisories/36558
- http://rhn.redhat.com/errata/RHSA-2009-1287.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://kc.mcafee.com/corporate/index?page=content&id=SB10163
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://kc.mcafee.com/corporate/index?page=content&id=SB10106
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
- http://www.securityfocus.com/archive/1/498579/100/0/threaded
- http://www.securityfocus.com/archive/1/498558/100/0/threaded
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ssh
- canonical/ssh tectia server
- version/ssh tectia server/5.0.3
- canonical/ssh tectia connector
- version/ssh tectia connector/4.4.2
- canonical/ssh tectia client
- version/ssh tectia client/5.0.3f
- version/ssh tectia server/4.4.6
- version/ssh tectia client/5.0.2
- version/ssh tectia server/5.2.0
- version/ssh tectia connector/4.3.0
- version/ssh tectia server/4.3
- version/ssh tectia client/5.2.3
- version/ssh tectia server/5.3.0
- version/ssh tectia client/4.0.3
- version/ssh tectia client/4.3.4
- version/ssh tectia server/5.1.3
- version/ssh tectia server/5.3.4
- version/ssh tectia server/5.3.5
- version/ssh tectia client/5.0.0f
- version/ssh tectia client/4.4.6
- version/ssh tectia connector/4.2.0
- version/ssh tectia connector/4.3.5
- version/ssh tectia server/5.1.1
- version/ssh tectia server/4.2.1
- version/ssh tectia connector/5.0.1
- version/ssh tectia server/4.2.0
- version/ssh tectia server/4.0.7
- version/ssh tectia connector/4.1.3
- version/ssh tectia server/5.3.8
- version/ssh tectia client/4.3.6
- version/ssh tectia client/5.0.1f
- version/ssh tectia client/4.4.1
- version/ssh tectia client/5.0.2f
- version/ssh tectia client/6.0.2
- version/ssh tectia client/4.3.1j
- version/ssh tectia server/5.4.0
- version/ssh tectia server/5.5.1
- version/ssh tectia server/6.0.0
- version/ssh tectia connector/5.1.0
- version/ssh tectia server/5.0.2
- version/ssh tectia connector/5.3.1
- version/ssh tectia client/6.0.4
- version/ssh tectia server/5.3.2
- version/ssh tectia server/4.4.7
- canonical/ssh tectia connectsecure
- version/ssh tectia connectsecure/6.0.4
- version/ssh tectia client/5.3.2
- version/ssh tectia client/4.3.1
- version/ssh tectia server/5.2.2
- version/ssh tectia server/4.3.0
- version/ssh tectia server/4.4.0
- version/ssh tectia server/6.0.4
- version/ssh tectia client/5.2.1
- version/ssh tectia connector/4.4.9
- version/ssh tectia client/4.3.5
- version/ssh tectia server/4.4.1
- version/ssh tectia client/5.1.2
- version/ssh tectia server/6.0.1
- version/ssh tectia server/5.2.1
- version/ssh tectia server/5.0.0
- version/ssh tectia client/4.4.4
- version/ssh tectia server/4.3.7
- version/ssh tectia server/5.2.3
- version/ssh tectia connector/5.1.2
- version/ssh tectia server/4.4.4
- version/ssh tectia server/4.0
- version/ssh tectia connectsecure/6.0.2
- version/ssh tectia connector/4.4.10
- version/ssh tectia client/4.0.4
- version/ssh tectia connector/5.3.0
- version/ssh tectia connector/5.1.1
- version/ssh tectia connector/5.0.3
- version/ssh tectia client/4.4.11
- version/ssh tectia connector/4.1.2
- version/ssh tectia client/5.1.3
- version/ssh tectia client/5.3.3
- version/ssh tectia client/4.4
- version/ssh tectia client/5.0.3
- version/ssh tectia client/5.2.2
- version/ssh tectia server/4.4.5
- version/ssh tectia client/4.3.2j
- version/ssh tectia server/4.3.6
- version/ssh tectia client/4.3.8k
- version/ssh tectia server/4.3.3
- version/ssh tectia connector/4.0.7
- version/ssh tectia client/5.3.5
- version/ssh tectia client/4.3.2
- version/ssh tectia connector/4.4.0
- version/ssh tectia connector/5.3.2
- version/ssh tectia client/5.3.8
- version/ssh tectia connector/4.3.4
- version/ssh tectia client/5.1.0
- version/ssh tectia client/5.2.0
- version/ssh tectia client/4.3.9k
- version/ssh tectia server/4.3.2
- version/ssh tectia server/4.0.4
- vendor/openbsd
- canonical/openssh
- version/openssh/4.7p1
- version/ssh tectia connector/5.3.3
- version/ssh tectia client/4.4.7
- version/ssh tectia server/5.4.1
- version/ssh tectia connector/4.1.5
- version/ssh tectia server/4.3.5
- version/ssh tectia server/6.0.3
- version/ssh tectia server/5.3.3
- version/ssh tectia server/4.4.11
- version/ssh tectia client/4.0.1
- version/ssh tectia server/4.0.3
- version/ssh tectia client/4.2.1
- version/ssh tectia server/5.1.2
- version/ssh tectia connector/4.4.4
- version/ssh tectia client/4.2
- version/ssh tectia connector/5.3.8
- version/ssh tectia server/4.4.10
- version/ssh tectia server/5.1.0
- version/ssh tectia connector/5.3.7
- version/ssh tectia client/5.0.0
- version/ssh tectia connectsecure/6.0.0
- version/ssh tectia connector/4.4.7
- version/ssh tectia connector/4.4.6
- version/ssh tectia client/4.4.2
- version/ssh tectia connectsecure/6.0.3
- version/ssh tectia client/4.4.10
- version/ssh tectia connector/5.0.2
- version/ssh tectia server/5.0.1
- version/ssh tectia client/4.3.3
- version/ssh tectia server/4.1.2
- version/ssh tectia client/5.3.7
- version/ssh tectia server/4.1.3
- version/ssh tectia client/6.0.3
- version/ssh tectia client/4.4.8
- version/ssh tectia connectsecure/6.0.1
- version/ssh tectia server/5.3.6
- version/ssh tectia client/4.4.3
- version/ssh tectia connector/5.0.0
- version/ssh tectia client/4.3
- version/ssh tectia server/4.2.2
- version/ssh tectia connector/5.1.3
- version/ssh tectia server/4.3.4
- version/ssh tectia server/4.4.8
- version/ssh tectia server/4.3.1
- version/ssh tectia server/4.0.5
- version/ssh tectia server/5.3.7
- version/ssh tectia client/6.0.1
- version/ssh tectia server/5.5.0
- version/ssh tectia connector/5.2.2
- version/ssh tectia client/6.0.0
- version/ssh tectia client/4.3.7
- version/ssh tectia client/4.4.9
- version/ssh tectia server/4.4.9
- version/ssh tectia server/5.2.4
- version/ssh tectia client/4.0
- version/ssh tectia client/5.2.4
- version/ssh tectia client/5.1.1
- version/ssh tectia client/5.3.1
- version/ssh tectia server/4.4.2
- version/ssh tectia client/5.0.1
- version/ssh tectia client/5.3.0
- version/ssh tectia server/5.4.2
- version/ssh tectia server/4.1.5
- version/ssh tectia server/6.0.2
- version/ssh tectia client/4.0.5
- version/ssh tectia server/5.3.1
- version/ssh tectia client/5.3.6
- version/ssh tectia server/4.4