Vulnerability Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
CVSS Score
2.6 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | 4.7p1 |
| SSH | Tectia Client | 4.0 |
| SSH | Tectia Connector | 4.0.7 |
| SSH | Tectia ConnectSecure | 6.0.0 |
| SSH | Tectia Server | 4.0 |
References
- http://isc.sans.org/diary.html?storyid=5366
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://marc.info/?l=bugtraq&m=125017764422557&w=2
- http://openssh.org/txt/cbc.adv
- http://osvdb.org/49872
- http://osvdb.org/50035
- http://osvdb.org/50036
- http://rhn.redhat.com/errata/RHSA-2009-1287.html
- http://secunia.com/advisories/32740 (Vendor Advisory)
- http://secunia.com/advisories/32760 (Vendor Advisory)
- http://secunia.com/advisories/32833
- http://secunia.com/advisories/33121
- http://secunia.com/advisories/33308
- http://secunia.com/advisories/34857
FAQ
What is CVE-2008-5161?
CVE-2008-5161 is a vulnerability with a CVSS score of 2.6 (LOW). Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4...
How severe is CVE-2008-5161?
CVE-2008-5161 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5161?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD OpenSSH, SSH Tectia Client, SSH Tectia Connector, SSH Tectia ConnectSecure, SSH Tectia Server.