[ubuntu-hardened] OpenVAS Vulnerability on Ubuntu Linux Server 8.04

Kaushal Shriyan kaushalshriyan at gmail.com
Tue Nov 16 13:20:18 GMT 2010


Hi,

Can someone please suggest/guide me about the below vulnerability? I
have run OpenVAS Scanner and it reports that vulnerability. The
affected server is Ubuntu 8.04.

Medium
OpenSSH CBC Mode Information Disclosure Vulnerability
Risk: Medium
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100153
Overview: The host is installed with OpenSSH and is prone to information
disclosure vulnerability.
Vulnerability Insight:
The flaw is caused due to the improper handling of errors within an SSH session
encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
Impact:
Successful exploits will allow attackers to obtain four bytes of plaintext from
an encrypted session.
Impact Level: Application
Affected Software/OS:
Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
are also affected.
Fix: Upgrade to higher version
http://www.openssh.com/portable.html
References:
http://www.securityfocus.com/bid/32319
CVE : CVE-2008-5161
BID : 32319

Thanks and Regards

Kaushal


