Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Published 2008-11-19 17:30:01
Updated 2018-10-11 20:54:11
Source MITRE
Vulnerability category: Information leak

Threat overview for CVE-2008-5161

Top open port discovered on systems with this issue: 22
IPs affected by CVE-2008-5161: 3,095
Threat actors abusing this issue? Yes

Exploit prediction scoring system (EPSS) score for CVE-2008-5161

EPSS score: 12.27% (probability of exploitation activity in the next 30 days)
Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2008-5161

  • SSH Version Scanner
    First seen: 2020-04-26
    auxiliary/scanner/ssh/ssh_version
    Detect SSH Version, and the server encryption
    Authors: Daniel van Eeden <metasploit@myname.nl>, h00die

CVSS scores for CVE-2008-5161

Base Score: 2.6
Base Severity: LOW
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Exploitability Score: 4.9
Impact Score: 2.9
Score Source: NIST

Vendor statements for CVE-2008-5161

  • Red Hat 2009-09-02
    This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1287.html. After reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.
