LOW✓ PATCH🇵🇱 Wersja polska

CVE-2008-5161

CVSS 3.7v2.0pub. 2008-11-19upd. 2026-05-28

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Openbsd OpenSSH

    APP
    Openbsd
    4.7p1
  • Ssh Tectia Client

    APP
    Ssh
    4.04.0.14.0.34.0.44.0.54.24.2.14.34.3.14.3.1j4.3.24.3.2j4.3.34.3.44.3.5+ 45 więcej
  • Ssh Tectia Connector

    APP
    Ssh
    4.0.74.1.24.1.34.1.54.2.04.3.04.3.44.3.54.4.04.4.104.4.24.4.44.4.64.4.74.4.9+ 15 więcej
  • Ssh Tectia Connectsecure

    APP
    Ssh
    6.0.06.0.16.0.26.0.36.0.4
  • Ssh Tectia Server

    APP
    Ssh
    4.04.0.34.0.44.0.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-38408CRITICAL9.8ten sam produkt

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leadin...

CVE-2023-28531CRITICAL9.8ten sam produkt

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constr...

CVE-2016-1908CRITICAL9.8ten sam produkt

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies o...

CVE-2010-4478CRITICAL9.8ten sam produkt

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAK...

CVE-2002-0639CRITICAL9.8ten sam produkt

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during...