Date: Fri, 21 Nov 2008 16:20:44 +0300 From: Eygene Ryabinkin <rea-sec@...elabs.ru> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: Re: CVE Request (ssh) Thu, Nov 20, 2008 at 09:12:42PM -0500, Steven M. Christey wrote: > ====================================================== > Name: CVE-2008-5161 > > Error handling in the SSH protocol in (1) SSH Tectia Client and Server > and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through > 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server > for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and > earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K > through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, > when using a block cipher algorithm in Cipher Block Chaining (CBC) > mode, makes it easier for remote attackers to recover certain > plaintext data from an arbitrary block of ciphertext in an SSH session > via unknown vectors. As was kindly answered to me in the freebsd-security list, OpenSSH's response is here: http://openssh.org/txt/cbc.adv -- Eygene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.