#VU68362 Improper handling of exceptional conditions in OpenSSH - CVE-2008-5161


Vulnerability identifier: #VU68362

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2008-5161

CWE-ID: CWE-755

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSH
Server applications / Remote management servers, RDP, SSH

Vendor: OpenSSH

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

OpenSSH: 4.7p1


External links
https://isc.sans.org/diary.html?storyid=5366
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
https://marc.info/?l=bugtraq&m=125017764422557&w=2
https://openssh.org/txt/cbc.adv
https://osvdb.org/49872
https://osvdb.org/50035
https://osvdb.org/50036
https://rhn.redhat.com/errata/RHSA-2009-1287.html
https://secunia.com/advisories/32740
https://secunia.com/advisories/32760
https://secunia.com/advisories/32833
https://secunia.com/advisories/33121
https://secunia.com/advisories/33308
https://secunia.com/advisories/34857
https://secunia.com/advisories/36558
https://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
https://support.apple.com/kb/HT3937
https://support.attachmate.com/techdocs/2398.html
https://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
https://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
https://www.kb.cert.org/vuls/id/958563
https://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
https://www.securityfocus.com/archive/1/498558/100/0/threaded
https://www.securityfocus.com/archive/1/498579/100/0/threaded
https://www.securityfocus.com/bid/32319
https://www.securitytracker.com/id?1021235
https://www.securitytracker.com/id?1021236
https://www.securitytracker.com/id?1021382
https://www.ssh.com/company/news/article/953/
https://www.vupen.com/english/advisories/2008/3172
https://www.vupen.com/english/advisories/2008/3173
https://www.vupen.com/english/advisories/2008/3409
https://www.vupen.com/english/advisories/2009/1135
https://www.vupen.com/english/advisories/2009/3184
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

