Fluid Attacks Database

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	openssh	<0:4.3p2-36.el5	0:4.3p2-36.el5
debian 11	openssh	>=0 <1:5.1p1-5	1:5.1p1-5
debian 12	openssh	>=0 <1:5.1p1-5	1:5.1p1-5
debian 13	openssh	>=0 <1:5.1p1-5	1:5.1p1-5
debian 14	openssh	>=0 <1:5.1p1-5	1:5.1p1-5

Aliases

1. CVE-2008-51612. NVD-2008-51613. OSV-2008-51614. OSV-DEBIAN-2008-51615. SECURITY-TRACKER-CVE-2008-5161

References

1. https://github.com/talha3117/OpenSSH-4.7p1-CVE-2008-5161-Exploit

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.