Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2008-5161

Published: 19/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 232
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Openbsd

Vulnerability Summary

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 up to and including 4.4.11, 5.0 up to and including 5.2.4, and 5.3 up to and including 5.3.8; Client and Server and ConnectSecure 6.0 up to and including 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and previous versions, 6.0.0, and 6.0.1; and Client 4.0-J up to and including 4.3.3-J and 4.0-K up to and including 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote malicious users to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

openbsd openssh 4.7p1

ssh tectia client 4.0

ssh tectia client 4.0.1

ssh tectia client 4.3.1

ssh tectia client 4.3.1j

ssh tectia client 4.3.2

ssh tectia client 4.3.8k

ssh tectia client 4.3.9k

ssh tectia client 4.4.7

ssh tectia client 4.4.8

ssh tectia server 4.3

ssh tectia server 4.3.1

ssh tectia server 4.4.2

ssh tectia server 4.4.4

ssh tectia server 4.4.10

ssh tectia server 4.4.11

ssh tectia connector 4.3.5

ssh tectia connector 4.4.0

ssh tectia connector 5.0.0

ssh tectia connector 5.0.1

ssh tectia client 4.0.5

ssh tectia client 4.2

ssh tectia client 4.3.4

ssh tectia client 4.3.5

ssh tectia client 4.4.2

ssh tectia client 4.4.3

ssh tectia client 4.4.11

ssh tectia server 4.0

ssh tectia server 4.3.4

ssh tectia server 4.3.5

ssh tectia server 4.4.6

ssh tectia server 4.4.7

ssh tectia connector 4.1.3

ssh tectia connector 4.1.5

ssh tectia connector 4.4.6

ssh tectia connector 4.4.7

ssh tectia connector 5.1.0

ssh tectia connector 5.1.2

ssh tectia server 4.1.5

ssh tectia server 4.2.0

ssh tectia server 4.2.2

ssh tectia server 5.0.3

ssh tectia server 5.1.0

ssh tectia server 5.2.4

ssh tectia client 5.0.0

ssh tectia client 5.1.0

ssh tectia client 5.1.1

ssh tectia client 5.2.4

ssh tectia client 5.3.0

ssh tectia client 5.3.8

ssh tectia server 5.3.0

ssh tectia server 5.3.8

ssh tectia server 6.0.0

ssh tectia client 6.0.2

ssh tectia client 6.0.3

ssh tectia server 6.0.4

ssh tectia server 5.5.1

ssh tectia server 5.2.2

ssh tectia server 5.1.1

ssh tectia connector 5.3.3

ssh tectia client 4.0.3

ssh tectia client 4.0.4

ssh tectia client 4.3.2j

ssh tectia client 4.3.3

ssh tectia client 4.4

ssh tectia client 4.4.1

ssh tectia client 4.4.9

ssh tectia client 4.4.10

ssh tectia server 4.3.2

ssh tectia server 4.3.3

ssh tectia server 4.4

ssh tectia server 4.4.1

ssh tectia connector 4.0.7

ssh tectia connector 4.1.2

ssh tectia connector 4.4.2

ssh tectia connector 4.4.4

ssh tectia connector 5.0.2

ssh tectia connector 5.0.3

ssh tectia server 4.1.2

ssh tectia server 4.1.3

ssh tectia server 5.0.1

ssh tectia server 5.0.2

ssh tectia server 5.2.3

ssh tectia client 5.0.2

ssh tectia client 5.0.3f

ssh tectia client 5.0.3

ssh tectia client 5.2.2

ssh tectia client 5.2.3

ssh tectia client 5.3.6

ssh tectia client 5.3.7

ssh tectia server 5.3.6

ssh tectia server 5.3.7

ssh tectia client 6.0.0

ssh tectia client 6.0.1

ssh tectia connectsecure 6.0.3

ssh tectia connectsecure 6.0.4

ssh tectia server 5.2.0

ssh tectia server 5.2.1

ssh tectia connector 5.3.1

ssh tectia connector 5.3.2

ssh tectia server 4.0.5

ssh tectia server 4.0.7

ssh tectia server 4.4.5

ssh tectia server 5.0.0

ssh tectia server 5.1.3

ssh tectia client 5.0.1

ssh tectia client 5.0.1f

ssh tectia client 5.2.0

ssh tectia client 5.2.1

ssh tectia client 5.3.3

ssh tectia client 5.3.5

ssh tectia server 5.3.3

ssh tectia server 5.3.4

ssh tectia server 5.3.5

ssh tectia server 6.0.3

ssh tectia connectsecure 6.0.1

ssh tectia connectsecure 6.0.2

ssh tectia server 5.4.1

ssh tectia server 5.4.2

ssh tectia connector 5.1.1

ssh tectia connector 5.3.0

ssh tectia client 4.2.1

ssh tectia client 4.3

ssh tectia client 4.3.6

ssh tectia client 4.3.7

ssh tectia client 4.4.4

ssh tectia client 4.4.6

ssh tectia server 4.0.3

ssh tectia server 4.0.4

ssh tectia server 4.2.1

ssh tectia server 4.3.6

ssh tectia server 4.3.7

ssh tectia server 4.4.8

ssh tectia server 4.4.9

ssh tectia connector 4.2.0

ssh tectia connector 4.3.0

ssh tectia connector 4.3.4

ssh tectia connector 4.4.9

ssh tectia connector 4.4.10

ssh tectia connector 5.1.3

ssh tectia connector 5.2.2

ssh tectia server 4.3.0

ssh tectia server 4.4.0

ssh tectia server 5.1.2

ssh tectia client 5.0.0f

ssh tectia client 5.0.2f

ssh tectia client 5.1.2

ssh tectia client 5.1.3

ssh tectia client 5.3.1

ssh tectia client 5.3.2

ssh tectia server 5.3.1

ssh tectia server 5.3.2

ssh tectia server 6.0.1

ssh tectia server 6.0.2

ssh tectia client 6.0.4

ssh tectia connectsecure 6.0.0

ssh tectia server 5.5.0

ssh tectia server 5.4.0

ssh tectia connector 5.3.8

ssh tectia connector 5.3.7

Github Repositories

https://github.com/ekiojp/hanase

Make Faraday speak Japanese

hanase Speak Japanese! / 日本語で話せ! A simple tool to make Faraday Status Report (Vulnerabilities name, description, severiry, references, etc) in Japanese The trick is actually on getting CVE numbers of each vulnerability, in Japan we have a public CVE DB (in Japanese of course) where we can lookup for CVE's, called JVN iPedia Also, will add the JVN CVE's f

https://github.com/AAROC/harden-ssh

A role to harden ssh on various platforms

harden-ssh A role to harden ssh on various platforms Tested platforms: Scientific Linux 6 Vulnerabilities Addressed CVE-2008-5161 (weak ciphers) References and Related material Ciphers, MACs, OpenSSH Configuration developeribmcom/answers/questions/187318/faq-how-do-i-disable-cipher-block-chaining-cbc-modhtml stribikagithubio/2015/01/04/secure-secure-s

https://github.com/saib2018/Wordpress_Red_Blue_Teaming

Wordpress - Red and Blue Teaming to identify attack vectors and find ways to defend against the attacks

Wordpress_Red_Blue_Teaming Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Exposed Services Target 1 List of Exposed Services Ports - 22/tcp - ssh 80/tcp - http 111/tcp - rpcbind Nmap scan results for each machine reveal the below services and OS details: $ nmap -sV -sC 1921681110

https://github.com/MOffSec/OpenSSH_4.7p1-Exploit

OpenSSH 47p1 CVE-2008-5161 Exploit Exploit Description The script first checks the version of the target SSH service to confirm that it is running OpenSSH version 47p1 If the version is correct, the script sets up the necessary parameters for the brute-force attack using a list of usernames and passwords from a wordlist file The script then launches the exploit and waits fo

References

CWE-200http://osvdb.org/49872http://www.ssh.com/company/news/article/953/http://secunia.com/advisories/32760http://www.securitytracker.com/id?1021235http://www.securitytracker.com/id?1021236http://secunia.com/advisories/32740http://isc.sans.org/diary.html?storyid=5366http://www.securityfocus.com/bid/32319http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txthttp://openssh.org/txt/cbc.advhttp://support.attachmate.com/techdocs/2398.htmlhttp://www.kb.cert.org/vuls/id/958563http://secunia.com/advisories/32833http://osvdb.org/50035http://osvdb.org/50036http://secunia.com/advisories/33308http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1http://support.avaya.com/elmodocs2/security/ASA-2008-503.htmhttp://www.securitytracker.com/id?1021382http://secunia.com/advisories/33121http://secunia.com/advisories/34857http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.htmlhttp://www.vupen.com/english/advisories/2009/1135http://marc.info/?l=bugtraq&m=125017764422557&w=2http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://support.apple.com/kb/HT3937http://www.vupen.com/english/advisories/2009/3184http://www.vupen.com/english/advisories/2008/3173http://www.vupen.com/english/advisories/2008/3172http://www.vupen.com/english/advisories/2008/3409http://secunia.com/advisories/36558http://rhn.redhat.com/errata/RHSA-2009-1287.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://kc.mcafee.com/corporate/index?page=content&id=SB10163http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705https://kc.mcafee.com/corporate/index?page=content&id=SB10106https://exchange.xforce.ibmcloud.com/vulnerabilities/46620https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279http://www.securityfocus.com/archive/1/498579/100/0/threadedhttp://www.securityfocus.com/archive/1/498558/100/0/threadedhttps://nvd.nist.govhttps://github.com/ekiojp/hanase
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook