OpenVAS Vulnerability on Ubuntu Linux Server 8.04

Kaushal Shriyan-2
Hi,

Can someone please suggest/guide me about the below vulnerability. I
have run OpenVAS Scanner and it reports that vulnerability. The
affected server is Ubuntu 8.04.

Medium
OpenSSH CBC Mode Information Disclosure Vulnerability
Risk: Medium
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100153
Overview: The host is installed with OpenSSH and is prone to information
disclosure vulnerability.
Vulnerability Insight:
The flaw is caused due to the improper handling of errors within an SSH session
encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
Impact:
Successful exploits will allow attackers to obtain four bytes of plaintext from
an encrypted session.
Impact Level: Application
Affected Software/OS:
Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
are also affected.
Fix: Upgrade to higher version
http://www.openssh.com/portable.html
References:
http://www.securityfocus.com/bid/32319
CVE : CVE-2008-5161
BID : 32319

Thanks and Regards

Kaushal

--
ubuntu-hardened mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
Re: OpenVAS Vulnerability on Ubuntu Linux Server 8.04

Jeff Schroeder-4
On Tue, Nov 16, 2010 at 5:20 AM, Kaushal Shriyan
<[hidden email]> wrote:

> Hi,
>
> Can someone please suggest/guide me about the below vulnerability. I
> have run OpenVAS Scanner and it reports that vulnerability. The
> affected server is Ubuntu 8.04.
>
> Medium
> OpenSSH CBC Mode Information Disclosure Vulnerability
> Risk: Medium
> Application: ssh
> Port: 22
> Protocol: tcp
> ScriptID: 100153
> Overview: The host is installed with OpenSSH and is prone to information
> disclosure vulnerability.
> Vulnerability Insight:
> The flaw is caused due to the improper handling of errors within an SSH session
> encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
> Impact:
> Successful exploits will allow attackers to obtain four bytes of plaintext from
> an encrypted session.
> Impact Level: Application
> Affected Software/OS:
> Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
> are also affected.
> Fix: Upgrade to higher version
> http://www.openssh.com/portable.html
> References:
> http://www.securityfocus.com/bid/32319
> CVE : CVE-2008-5161
> BID : 32319
>
> Thanks and Regards
>
> Kaushal

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329



--
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
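
An added example, not part of either message and not OpenVAS or OpenSSH code: a local check for the two conditions the report names, an OpenSSH version prior to 5.2 and CBC-mode ciphers in the server configuration. The banner and sshd_config text are constructed samples and the function names are hypothetical; a banner version is only an indication, since a distribution package can carry backported fixes.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2"
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
Protocol 2
Ciphers aes128-ctr,aes128-cbc,3des-cbc
"""

def openssh_version(banner):
    """Return (major, minor) parsed from an SSH identification string, or None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def configured_ciphers(sshd_config_text):
    """Return the explicit Ciphers list, or None when the built-in defaults apply."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if parts[0].lower() != "ciphers" or len(parts) < 2:
            continue
        if parts[1][:1] in ("+", "-", "^"):
            return None  # list only modifies the defaults; not resolved here
        # sshd uses the first occurrence of a keyword
        return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None

def assess(banner, sshd_config_text):
    """Summarise the version and cipher conditions from the scanner report."""
    version = openssh_version(banner)
    ciphers = configured_ciphers(sshd_config_text)
    return {
        "version": version,
        # The report states that versions prior to OpenSSH 5.2 are affected.
        "older_than_5_2": version is not None and version < (5, 2),
        # False means no explicit list: the build's default ciphers are in use.
        "ciphers_explicit": ciphers is not None,
        "cbc_ciphers": [c for c in ciphers or [] if "-cbc" in c],
    }

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```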
