CVE-2008-5161: CVE-2008-5161

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-5161

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSH CBC模式信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSH是一种开放源码的SSH协议的实现，初始版本用于OpenBSD平台，现在已经被移植到多种Unix/Linux类操作系统下。如果配置为CBC模式的话，OpenSSH没有正确地处理分组密码算法加密的SSH会话中所出现的错误，导致可能泄露密文中任意块最多32位纯文本。在以标准配置使用OpenSSH时，攻击者恢复32位纯文本的成功概率为2^{-18}，此外另一种攻击变种恢复14位纯文本的成功概率为2^{-14}。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-5161

#	POC Description	Source Link	Shenlong Link
1	CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools.	https://github.com/talha3117/OpenSSH-4.7p1-CVE-2008-5161-Exploit	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-5161

Please Login to view more intelligence information

http://support.attachmate.com/techdocs/2398.htmlx_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705x_refsource_CONFIRM
http://isc.sans.org/diary.html?storyid=5366x_refsource_MISC
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667x_refsource_CONFIRM
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txtx_refsource_MISC
http://www.ssh.com/company/news/article/953/x_refsource_CONFIRM
http://openssh.org/txt/cbc.advx_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10106x_refsource_CONFIRM
http://support.apple.com/kb/HT3937x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10163x_refsource_CONFIRM
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.htmlx_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htmx_refsource_MISC
http://secunia.com/advisories/32760third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32740third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/49872vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/32833third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33121third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/50036vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/36558third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/50035vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/33308third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/32319vdb-entryx_refsource_BID
http://secunia.com/advisories/34857third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1vendor-advisoryx_refsource_SUNALERT
http://www.securitytracker.com/id?1021382vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1021236vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1021235vdb-entryx_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/958563third-party-advisoryx_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=125017764422557&w=2vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/1135vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/3173vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3184vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/3409vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/3172vdb-entryx_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2009-1287.htmlvendor-advisoryx_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlvendor-advisoryx_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/498558/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/498579/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-5161

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-5161

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2008-5161

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-5161

III. Intelligence Information for CVE-2008-5161

IV. Related Vulnerabilities

V. Comments for CVE-2008-5161

Leave a comment