CVE-2008-5161Sensitive Information Exposure in Openssh

CWE-200Sensitive Information Exposure7 documents7 sources
Severity
2.6LOWNVD
EPSS
2.7%
top 13.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Openbsd OpensshSSH Tectia ClientSSH Tectia Connector+2 more
Timeline
PublishedNov 19
Latest updateMay 14

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages6 packages

NVDssh/tectia_server64 versions+63
NVDssh/tectia_client60 versions+59
NVDssh/tectia_connector30 versions+29
NVDssh/tectia_connectsecure5 versions+4
Debianopenbsd/openssh< 1:5.1p1-5+3

🔴Vulnerability Details

3
GHSA
GHSA-c9pj-mwph-2xjm: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 42022-05-14
CVEList
CVE-2008-5161: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 42008-11-19
OSV
CVE-2008-5161: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 42008-11-19

📋Vendor Advisories

2
Red Hat
OpenSSH: Plaintext Recovery Attack against CBC ciphers2008-11-19
Debian
CVE-2008-5161: openssh - Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Conne...2008

💬Community

1
Bugzilla
CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers2008-11-18
CVE-2008-5161 — Sensitive Information Exposure | cvebase