Date: Fri, 21 Nov 2008 16:20:44 +0300
From: Eygene Ryabinkin <rea-sec@...elabs.ru>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: Re: CVE Request (ssh)

Thu, Nov 20, 2008 at 09:12:42PM -0500, Steven M. Christey wrote:
> ======================================================
> Name: CVE-2008-5161
> 
> Error handling in the SSH protocol in (1) SSH Tectia Client and Server
> and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through
> 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server
> for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and
> earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K
> through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions,
> when using a block cipher algorithm in Cipher Block Chaining (CBC)
> mode, makes it easier for remote attackers to recover certain
> plaintext data from an arbitrary block of ciphertext in an SSH session
> via unknown vectors.

As was kindly answered to me in the freebsd-security list, OpenSSH's
response is here: http://openssh.org/txt/cbc.adv
-- 
Eygene
