[ubuntu-hardened] OpenVAS Vulnerability on Ubuntu Linux Server 8.04
kaushalshriyan at gmail.com
Tue Nov 16 13:20:18 GMT 2010
Can someone please suggest/guide me about the below vulnerability. I
have ran OpenVAS Scanner and it reports that vulnerability. The
affected server is Ubuntu 8.04.
OpenSSH CBC Mode Information Disclosure Vulnerability
Overview: The host is installed with OpenSSH and is prone to information
The flaw is caused due to the improper handling of errors within an SSH session
encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
Successful exploits will allow attackers to obtain four bytes of plaintext from
an encrypted session.
Impact Level: Application
Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
are also affected.
Fix: Upgrade to higher version
CVE : CVE-2008-5161
BID : 32319
Thanks and Regards
More information about the ubuntu-hardened