[ubuntu-hardened] OpenVAS Vulnerability on Ubuntu Linux Server 8.04
jeffschroeder at computer.org
Tue Nov 16 13:23:04 GMT 2010
On Tue, Nov 16, 2010 at 5:20 AM, Kaushal Shriyan
<kaushalshriyan at gmail.com> wrote:
> Can someone please suggest/guide me about the below vulnerability. I
> have run OpenVAS Scanner and it reports that vulnerability. The
> affected server is Ubuntu 8.04.
> OpenSSH CBC Mode Information Disclosure Vulnerability
> Risk: Medium
> Application: ssh
> Port: 22
> Protocol: tcp
> ScriptID: 100153
> Overview: The host is installed with OpenSSH and is prone to information
> disclosure vulnerability.
> Vulnerability Insight:
> The flaw is caused due to the improper handling of errors within an SSH session
> encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
> Successful exploits will allow attackers to obtain four bytes of plaintext from
> an encrypted session.
> Impact Level: Application
> Affected Software/OS:
> Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
> are also affected.
> Fix: Upgrade to higher version
> CVE : CVE-2008-5161
> BID : 32319
> Thanks and Regards
Don't drink and derive, alcohol and analysis don't mix.
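
Added example, not part of the original messages: a small triage check for the finding quoted above. It compares the OpenSSH version in the server's identification string with the 5.2 boundary from the report and lists any CBC-mode ciphers enabled in `sshd_config`. The banner and config text are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not taken from the reporter's server).
BANNER = "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2"
CONFIG = """# constructed sshd_config excerpt
Port 22
Protocol 2
Ciphers aes128-cbc,3des-cbc,aes128-ctr,aes256-ctr
"""

def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def configured_ciphers(config_text):
    """Return the list from the first 'Ciphers' directive, or None if absent."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # keyword, then value
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None

def cbc_ciphers(ciphers):
    """Pick out CBC-mode names, e.g. aes128-cbc or rijndael-cbc@lysator.liu.se."""
    return [c for c in ciphers if re.search(r"-cbc(@|$)", c)]

def assess(banner, config_text):
    """Combine the version check and the cipher check into one result."""
    version = openssh_version(banner)
    ciphers = configured_ciphers(config_text)
    cbc = cbc_ciphers(ciphers) if ciphers is not None else None
    if version is None:
        status = "unknown: not an OpenSSH banner"
    elif version >= (5, 2):      # report: versions prior to 5.2 are affected
        status = "not in affected range"
    elif cbc is None:
        status = "affected version, built-in cipher defaults in use"
    elif cbc:
        status = "affected version, CBC ciphers enabled"
    else:
        status = "affected version, no CBC ciphers configured"
    return {"version": version, "cbc": cbc, "status": status}

if __name__ == "__main__":
    print(assess(BANNER, CONFIG))
```

The upstream version in the banner does not show whether a distribution package carries a backported fix, so treat the version part of the result as a starting point for checking the package changelog.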