[ubuntu-hardened] OpenVAS Vulnerability on Ubuntu Linux Server 8.04

Jeff Schroeder jeffschroeder at computer.org
Tue Nov 16 13:23:04 GMT 2010


On Tue, Nov 16, 2010 at 5:20 AM, Kaushal Shriyan
<kaushalshriyan at gmail.com> wrote:
> Hi,
>
> Can someone please suggest/guide me about the below vulnerability. I
> have run OpenVAS Scanner and it reports that vulnerability. The
> affected server is Ubuntu 8.04.
>
> Medium
> OpenSSH CBC Mode Information Disclosure Vulnerability
> Risk: Medium
> Application: ssh
> Port: 22
> Protocol: tcp
> ScriptID: 100153
> Overview: The host is installed with OpenSSH and is prone to information
> disclosure vulnerability.
> Vulnerability Insight:
> The flaw is caused due to the improper handling of errors within an SSH session
> encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
> Impact:
> Successful exploits will allow attackers to obtain four bytes of plaintext from
> an encrypted session.
> Impact Level: Application
> Affected Software/OS:
> Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
> are also affected.
> Fix: Upgrade to higher version
> http://www.openssh.com/portable.html
> References:
> http://www.securityfocus.com/bid/32319
> CVE : CVE-2008-5161
> BID : 32319
>
> Thanks and Regards
>
> Kaushal

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329



-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
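
The two conditions the quoted scanner report describes (an OpenSSH version prior to 5.2, and CBC-mode ciphers in use) can be checked from a server's SSH identification string and its cipher list. This is an added example, not part of the original thread; the function names, sample banner and sample cipher list are constructed for illustration.

```python
import re

# Threshold taken from the quoted report: "Versions prior to OpenSSH 5.2".
FIXED_IN = (5, 2)

# Constructed sample input (not captured from the server in the thread).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2"
SAMPLE_CIPHERS = "aes128-cbc,3des-cbc,arcfour256,rijndael-cbc@lysator.liu.se,aes128-ctr,aes256-ctr"

def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = re.match(r"SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)", banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def cbc_ciphers(cipher_list):
    """Return the CBC-mode entries of a comma-separated SSH cipher list,
    such as the value of the Ciphers directive in sshd_config."""
    names = [c.strip() for c in cipher_list.split(",") if c.strip()]
    # CBC ciphers carry a "-cbc" suffix; vendor aliases append "@domain".
    return [c for c in names if c.split("@")[0].endswith("-cbc")]

def assess(banner, cipher_list):
    """Summarise the report's two conditions for one server."""
    version = openssh_version(banner)
    cbc = cbc_ciphers(cipher_list)
    # None means "not OpenSSH or unparsable": the version test cannot decide.
    old = None if version is None else version < FIXED_IN
    return {
        "version": version,
        "prior_to_5_2": old,
        "cbc_offered": cbc,
        # The banner shows only the upstream version. Distributions may
        # backport a fix without changing it, so a hit here is a reason to
        # check the installed package's changelog, not proof of exposure.
        "needs_review": bool(cbc) and old is not False,
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE_BANNER, SAMPLE_CIPHERS).items():
        print(f"{key}: {value}")
```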


