CVE-2008-5161
Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Evaluator Description
http://securitytracker.com/alerts/2008/Nov/1021235.html
CBC mode connections are affected
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Evaluator Solution
With a valid username and password patches are available at the following link:
https://downloads.ssh.com/
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected] .
URL
Source(s)
Tag(s)
http://isc.sans.org/diary.html?storyid=5366
CVE, MITRE
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
CVE, MITRE
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
CVE, MITRE
http://marc.info/?l=bugtraq&m=125017764422557&w=2
CVE, MITRE
http://openssh.org/txt/cbc.adv
CVE, MITRE
http://osvdb.org/49872
CVE, MITRE
http://osvdb.org/50035
CVE, MITRE
http://osvdb.org/50036
CVE, MITRE
http://rhn.redhat.com/errata/RHSA-2009-1287.html
CVE, MITRE
http://secunia.com/advisories/32740
CVE, MITRE
Vendor Advisory
http://secunia.com/advisories/32760
CVE, MITRE
Vendor Advisory
http://secunia.com/advisories/32833
CVE, MITRE
http://secunia.com/advisories/33121
CVE, MITRE
http://secunia.com/advisories/33308
CVE, MITRE
http://secunia.com/advisories/34857
CVE, MITRE
http://secunia.com/advisories/36558
CVE, MITRE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
CVE, MITRE
http://support.apple.com/kb/HT3937
CVE, MITRE
http://support.attachmate.com/techdocs/2398.html
CVE, MITRE
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
CVE, MITRE
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
CVE, MITRE
http://www.kb.cert.org/vuls/id/958563
CVE, MITRE
US Government Resource
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
CVE, MITRE
http://www.securityfocus.com/archive/1/498558/100/0/threaded
CVE, MITRE
http://www.securityfocus.com/archive/1/498579/100/0/threaded
CVE, MITRE
http://www.securityfocus.com/bid/32319
CVE, MITRE
http://www.securitytracker.com/id?1021235
CVE, MITRE
http://www.securitytracker.com/id?1021236
CVE, MITRE
http://www.securitytracker.com/id?1021382
CVE, MITRE
http://www.ssh.com/company/news/article/953/
CVE, MITRE
Vendor Advisory
http://www.vupen.com/english/advisories/2008/3172
CVE, MITRE
http://www.vupen.com/english/advisories/2008/3173
CVE, MITRE
http://www.vupen.com/english/advisories/2008/3409
CVE, MITRE
http://www.vupen.com/english/advisories/2009/1135
CVE, MITRE
http://www.vupen.com/english/advisories/2009/3184
CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
CVE, MITRE
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
CVE, MITRE
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
CVE, MITRE
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
CVE, MITRE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
CVE, MITRE
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
NIST  
CWE-329
Generation of Predictable IV with CBC Mode
CISA-ADP  
Change History
14 change records found show changes
CVE Modified by CISA-ADP
6/16/2026 6:59:22 PM
Action
Type
Old Value
New Value
Added
SSVC
{"timestamp":"2026-05-28T18:11:31.349651Z","id":"CVE-2008-5161","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by MITRE
6/16/2026 6:59:22 PM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
CVE Modified by CISA-ADP
5/28/2026 3:16:22 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Added
CWE
CWE-329
CVE Status Change
4/22/2026 8:35:47 PM
Action
Type
Old Value
New Value
CVE Modified by CVE
11/20/2024 7:53:25 PM
Action
Type
Old Value
New Value
Added
Reference
http://isc.sans.org/diary.html?storyid=5366
Added
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Added
Reference
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Added
Reference
http://marc.info/?l=bugtraq&m=125017764422557&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=125017764422557&w=2
Added
Reference
http://openssh.org/txt/cbc.adv
Added
Reference
http://osvdb.org/49872
Added
Reference
http://osvdb.org/50035
Added
Reference
http://osvdb.org/50036
Added
Reference
http://rhn.redhat.com/errata/RHSA-2009-1287.html
Added
Reference
http://secunia.com/advisories/32740
Added
Reference
http://secunia.com/advisories/32760
Added
Reference
http://secunia.com/advisories/32833
Added
Reference
http://secunia.com/advisories/33121
Added
Reference
http://secunia.com/advisories/33308
Added
Reference
http://secunia.com/advisories/34857
Added
Reference
http://secunia.com/advisories/36558
Added
Reference
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
Added
Reference
http://support.apple.com/kb/HT3937
Added
Reference
http://support.attachmate.com/techdocs/2398.html
Added
Reference
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
Added
Reference
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Added
Reference
http://www.kb.cert.org/vuls/id/958563
Added
Reference
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
Added
Reference
http://www.securityfocus.com/archive/1/498558/100/0/threaded
Added
Reference
http://www.securityfocus.com/archive/1/498579/100/0/threaded
Added
Reference
http://www.securityfocus.com/bid/32319
Added
Reference
http://www.securitytracker.com/id?1021235
Added
Reference
http://www.securitytracker.com/id?1021236
Added
Reference
http://www.securitytracker.com/id?1021382
Added
Reference
http://www.ssh.com/company/news/article/953/
Added
Reference
http://www.vupen.com/english/advisories/2008/3172
Added
Reference
http://www.vupen.com/english/advisories/2008/3173
Added
Reference
http://www.vupen.com/english/advisories/2008/3409
Added
Reference
http://www.vupen.com/english/advisories/2009/1135
Added
Reference
http://www.vupen.com/english/advisories/2009/3184
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Added
Reference
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Added
Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
Added
Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10163
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
CVE Modified by MITRE
5/13/2024 9:58:45 PM
Action
Type
Old Value
New Value
CVE Modified by MITRE
10/11/2018 4:54:10 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.securityfocus.com/archive/1/498558/100/0/threaded [No Types Assigned]
Added
Reference
http://www.securityfocus.com/archive/1/498579/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/498558/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/498579/100/0/threaded [No Types Assigned]
CVE Modified by MITRE
9/28/2017 9:32:29 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11279 [No Types Assigned]
CVE Modified by MITRE
8/07/2017 9:33:08 PM
Action
Type
Old Value
New Value
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620 [No Types Assigned]
Removed
Reference
http://xforce.iss.net/xforce/xfdb/46620 [No Types Assigned]
CVE Modified by MITRE
1/02/2017 9:59:00 PM
Action
Type
Old Value
New Value
Added
Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10106 [No Types Assigned]
CVE Modified by MITRE
12/07/2016 10:01:06 PM
Action
Type
Old Value
New Value
Added
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 [No Types Assigned]
CVE Modified by MITRE
11/28/2016 2:07:04 PM
Action
Type
Old Value
New Value
Added
Reference
https://kc.mcafee.com/corporate/index?page=content&id=SB10163 [No Types Assigned]
CVE Modified by MITRE
6/10/2016 9:59:01 PM
Action
Type
Old Value
New Value
Added
Reference
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
Initial CVE Analysis
8/08/2014 4:54:40 PM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2008-5161 NVD
Published Date: 11/19/2008 NVD
Last Modified: 06/16/2026
Source: MITRE