← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Candidate: CVE-2008-5161
PublicDate: 2008-11-19
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161
 http://www.openssh.com/txt/cbc.adv
Description:
 Error handling in the SSH protocol in (1) SSH Tectia Client and Server and
 Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8;
 Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on
 IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and
 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2)
 OpenSSH 4.7p1 and possibly other versions, when using a block cipher
 algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote
 attackers to recover certain plaintext data from an arbitrary block of
 ciphertext in an SSH session via unknown vectors.
Ubuntu-Description:
Notes:
 jdstrand> very difficult to exploit
 jdstrand> as of 1:5.1p1-5 (Ubuntu 9.04 and later), the packet_disconnect()
  patch helps mitigate this and should reduce the success probability for the
  CPNI-957037 Plaintext Recovery Attack to 2^-18.
 jdstrand> can backport packet_disconnect() patch to 8.10 with next update.
  Will have to review feasibility of backport to 8.04 and 6.06 at next update.
 jdstrand> mitigation is to use AES CTR and arcfour ciphers and prefer them
  using the following line in sshd_config and ssh_config:
  Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329
Priority: low
Discovered-by:
Assigned-to:

Patches_openssh:
upstream_openssh: released (5.2p1)
dapper_openssh: ignored (reached end-of-life)
gutsy_openssh: needed (reached end-of-life)
hardy_openssh: ignored (reached end-of-life)
intrepid_openssh: needed (reached end-of-life)
jaunty_openssh: ignored (very low probablity)
karmic_openssh: ignored (very low probablity)
lucid_openssh: not-affected (1:5.2p1-1ubuntu1)
maverick_openssh: not-affected (1:5.2p1-1ubuntu1)
natty_openssh: not-affected (1:5.2p1-1ubuntu1)
oneiric_openssh: not-affected (1:5.2p1-1ubuntu1)
precise_openssh: not-affected (1:5.2p1-1ubuntu1)
quantal_openssh: not-affected (1:5.2p1-1ubuntu1)
raring_openssh: not-affected (1:5.2p1-1ubuntu1)
devel_openssh: not-affected (1:5.2p1-1ubuntu1)