OpenSSH CBC Mode Information Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with OpenSSH and is prone to information disclosure vulnerability.

Impact

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session. Impact Level: Application

Solution

Upgrade to higher version http://www.openssh.com/portable.html

Insight

The flaw is due to the improper handling of errors within an SSH session encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.

Affected

- SSH Communications Security Tectia Client and Server version 6.0.4 and prior - SSH Communications Security Tectia ConnectSecure version 6.0.4 and prior - OpenSSH OpenSSH version 4.7p1 and prior

References

http://secunia.com/advisories/32760/
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5161
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Detection of Dangerous ActiveX Control
FTPShell Server Version Detection
CuteNews Detection
cfengine detection and local identification
Apple Safari Information Disclosure Vulnerability Dec13 (Mac OS X)

Take action and discover your vulnerabilities