NVD Vulnerability Detail

CVE-2008-5161

Summary	Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
Summary	http://securitytracker.com/alerts/2008/Nov/1021235.html CBC mode connections are affected
Summary	With a valid username and password patches are available at the following link: https://downloads.ssh.com/
Publication Date	Nov. 20, 2008, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:45 p.m.
Last Update	Oct. 12, 2018, 5:54 a.m.

CVSS2.0 : LOW
Score	2.6
Vector	AV:N/AC:H/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openbsd:openssh:4.7p1:::::::*
cpe:2.3:a:ssh:tectia_client:4.0:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.5:::::::*
cpe:2.3:a:ssh:tectia_client:4.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.2.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.1j:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.2j:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.6:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.7:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.8k:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.9k:::::::*
cpe:2.3:a:ssh:tectia_client:4.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.8:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.11:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.0f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.1f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.2f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.3f:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.4:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.5:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.6:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.0.7:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.2:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.3:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.5:::::::*
cpe:2.3:a:ssh:tectia_connector:4.2.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.6:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.8:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.11:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.2::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.4:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.4:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.5:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.6:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_server:5.4.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.4.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.4.2::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.5.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.5.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.4::linux_ibm_zos:::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://isc.sans.org/diary.html?storyid=5366	MISC
2	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	CONFIRM
3	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	APPLE
4	http://marc.info/?l=bugtraq&m=125017764422557&w=2	HP
5	http://openssh.org/txt/cbc.adv	CONFIRM
6	http://osvdb.org/49872	OSVDB
7	http://osvdb.org/50035	OSVDB
8	http://osvdb.org/50036	OSVDB
9	http://rhn.redhat.com/errata/RHSA-2009-1287.html	REDHAT
10	http://secunia.com/advisories/32740	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/32760	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/32833	SECUNIA
13	http://secunia.com/advisories/33121	SECUNIA
14	http://secunia.com/advisories/33308	SECUNIA
15	http://secunia.com/advisories/34857	SECUNIA
16	http://secunia.com/advisories/36558	SECUNIA
17	http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1	SUNALERT
18	http://support.apple.com/kb/HT3937	CONFIRM
19	http://support.attachmate.com/techdocs/2398.html	CONFIRM
20	http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm	MISC
21	http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt	MISC
22	http://www.kb.cert.org/vuls/id/958563	CERT-VN	US Government Resource
23	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html	CONFIRM
24	http://www.securityfocus.com/archive/1/498558/100/0/threaded	BUGTRAQ
25	http://www.securityfocus.com/archive/1/498579/100/0/threaded	BUGTRAQ
26	http://www.securityfocus.com/bid/32319	BID
27	http://www.securitytracker.com/id?1021235	SECTRACK
28	http://www.securitytracker.com/id?1021236	SECTRACK
29	http://www.securitytracker.com/id?1021382	SECTRACK
30	http://www.ssh.com/company/news/article/953/	CONFIRM	Vendor Advisory
31	http://www.vupen.com/english/advisories/2008/3172	VUPEN
32	http://www.vupen.com/english/advisories/2008/3173	VUPEN
33	http://www.vupen.com/english/advisories/2008/3409	VUPEN
34	http://www.vupen.com/english/advisories/2009/1135	VUPEN
35	http://www.vupen.com/english/advisories/2009/3184	VUPEN
36	https://exchange.xforce.ibmcloud.com/vulnerabilities/46620	XF
37	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667	CONFIRM
38	https://kc.mcafee.com/corporate/index?page=content&id=SB10106	CONFIRM
39	https://kc.mcafee.com/corporate/index?page=content&id=SB10163	CONFIRM
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

SSH 通信において一部データが漏えいする可能性

Title	SSH 通信において一部データが漏えいする可能性
Summary	SSH（Secure Shell）は、ネットワークを介してインターネット上に置かれているサーバにログインしたり、コマンドを実行したりするためのプログラムおよび通信プロトコルで、データは暗号化された状態で通信が行なわれます。 SSH で使用される通信方式の一部に対する攻撃方法が報告されています。報告された攻撃方法では、SSH がデフォルトで使用する通信方式において、ひとつの暗号化ブロックから 32 ビットの平文を取り出すことができるとされています。この攻撃が行なわれると、SSH セッションが切れることがあります。RFC 4251 では、通信エラーが発生した際再接続すべきとされているため、自動的に再接続する実装の場合、攻撃による影響が大きくなる可能性があります。
Possible impacts	攻撃が成立する可能性は低いとされていますが、攻撃が成立した場合、ひとつの暗号化ブロックから 32ビットの平文を取り出すことが可能です。
Solution	[CTR モードを使用する] CBC（Cipher Block Chaining）モードではなく CTR（CounTR）モードを使用する。 RFC 4344 において、SSH で使用する CTR モードに関する記述がされています。また、OpenSSH 3.7 以降では CTR モードの使用がサポートされています。
Publication Date	Nov. 17, 2008, midnight
Registration Date	Dec. 16, 2008, 5:11 p.m.
Last Update	May 14, 2012, 3:27 p.m.

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

IBM

IBM AIX 5.2

IBM AIX 5.3

IBM AIX 6.1

SSH コミュニケーションズ・セキュリティ

SSH Tectia Client 4.3.10-K (Korean) 以前

SSH Tectia Client 4.3.3-J (Japanese) 以前

SSH Tectia Client 4.4.11 以前

SSH Tectia Client 5.2.4 以前

SSH Tectia Client 5.3.8 以前

SSH Tectia Client 6.0.4 以前

SSH Tectia Connector 4.4.11 以前

SSH Tectia Connector 5.2.4 以前

SSH Tectia Connector 5.3.8 以前

SSH Tectia ConnectSecure 6.0.4 以前

SSH Tectia Server 4.4.11 以前

SSH Tectia Server 5.2.4 以前

SSH Tectia Server 5.3.8 以前

SSH Tectia Server 6.0.4 以前

SSH Tectia Server for IBM z/OS 5.5.1 以前

SSH Tectia Server for IBM z/OS 6.0.1 以前

SSH Tectia Server for Linux on IBM System z 6.0.4

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

OpenBSD

OpenSSH 4.7p1

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X Server v10.5.8

日本電気

IP38X シリーズ 107e

IP38X シリーズ 1100

IP38X シリーズ 1200

IP38X シリーズ 1500

IP38X シリーズ 3000

IP38X シリーズ 58i

IP38X シリーズ SR100

WanBooster

ヤマハ

RT107e Rev.8.03.42以降

RT58i

RTX1100 Rev.8.03.37以降

RTX1200

RTX1500 Rev.8.03.37以降

RTX3000

SRT100

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-5161	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161
National Vulnerability Database (NVD)
2	CVE-2008-5161	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161
SECURITY BLOG
3	CVE-2008-5161 Information Exposure vulnerability in OpenSSH	https://blogs.oracle.com/sunsecurity/entry/cve_2008_5161_information_exposure

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3937	http://support.apple.com/kb/HT3937
Apple セキュリティアップデート
2	HT3937	http://support.apple.com/kb/HT3937?viewlocale=ja_JP
Asianux Technical Support Network
3	openssh-4.3p2-29.2AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=749
dit
4	SSH Tectiaの脆弱性のお知らせ	http://www.dit.co.jp/support/ssh_tectia/index.html#12
IBM Support Document
5	5116	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5116
NEC製品セキュリティ情報
6	NV09-007	http://www.nec.co.jp/security-info/secinfo/nv09-007.html
OpenSSH
7	cbc.adv	http://www.openssh.com/txt/cbc.adv
8	release-3.7	http://www.openssh.com/txt/release-3.7
9	Top page	http://www.openssh.com/
Red Hat Security Advisory
10	RHSA-2009:1287	https://rhn.redhat.com/errata/RHSA-2009-1287.html
RTシリーズのセキュリティに関するFAQ
11	SSH通信において一部データが漏えいする可能性について	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/CPNI957037.html
SSH Communications Security
12	953	http://www.ssh.com/company/news/2008/english/security/article/953/
Sun Alert Notification
13	247186	http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
レッドハットセキュリティーアップデート
14	RHSA-2009:1287	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1287J.html

その他

No	Name	URL
CPNI Vulnerability Advisory
1	CPNI-957037	http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
IETF
2	RFC 4251	http://tools.ietf.org/html/rfc4251
3	RFC 4253	http://tools.ietf.org/html/rfc4253
4	RFC 4344	http://tools.ietf.org/html/rfc4344
ISS X-Force Database
5	46620	http://xforce.iss.net/xforce/xfdb/46620
JVN
6	CPNI-957037	http://jvn.jp/niscc/CPNI-957037/
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
7	49872	http://osvdb.org/49872
Secunia Advisory
8	SA32740	http://secunia.com/advisories/32740
9	SA32760	http://secunia.com/advisories/32760
SecurityTracker
10	1021235	http://www.securitytracker.com/id?1021235
11	1021236	http://www.securitytracker.com/id?1021236
US-CERT Vulnerability Note
12	VU#958563	http://www.kb.cert.org/vuls/id/958563
VUPEN Security
13	VUPEN/ADV-2008-3172	http://www.vupen.com/english/advisories/2008/3172
14	VUPEN/ADV-2008-3173	http://www.vupen.com/english/advisories/2008/3173

Change Log

No	Changed Details	Date of change
0	[2008年12月16日] 掲載 [2009年05月27日] 影響を受けるシステム：ヤマハ (SSH通信において一部データが漏えいする可能性について) の情報を追加ベンダ情報：ヤマハ (SSH通信において一部データが漏えいする可能性について) を追加 [2009年08月06日] 影響を受けるシステム：日本電気 (NV09-007) の情報を追加ベンダ情報：日本電気 (NV09-007) を追加 [2009年09月29日] 影響を受けるシステム：ミラクル・リナックス (openssh-4.3p2-29.2AXS3) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1287) の情報を追加ベンダ情報：ミラクル・リナックス (openssh-4.3p2-29.2AXS3) を追加ベンダ情報：レッドハット (RHSA-2009:1287) を追加 [2009年12月17日] 影響を受けるシステム：アップル (HT3937) の情報を追加ベンダ情報：アップル (HT3937) を追加 [2010年07月07日] 影響を受けるシステム：IBM (5116) の情報を追加ベンダ情報：IBM (5116) を追加 [2012年05月14日] ベンダ情報：オラクル (CVE-2008-5161 Information Exposure vulnerability in OpenSSH) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openbsd:openssh:4.7p1:::::::*
cpe:2.3:a:ssh:tectia_client:4.0:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.0.5:::::::*
cpe:2.3:a:ssh:tectia_client:4.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.2.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.1j:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.2j:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.6:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.7:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.8k:::::::*
cpe:2.3:a:ssh:tectia_client:4.3.9k:::::::*
cpe:2.3:a:ssh:tectia_client:4.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.1:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.3:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.8:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_client:4.4.11:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.0f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.1f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.2f:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.0.3f:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.2.4:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.5:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.6:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_client:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_client:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.0.7:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.2:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.3:::::::*
cpe:2.3:a:ssh:tectia_connector:4.1.5:::::::*
cpe:2.3:a:ssh:tectia_connector:4.2.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.0:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_connector:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_connector:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_connectsecure:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.0.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.1.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.2.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.3:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.6:::::::*
cpe:2.3:a:ssh:tectia_server:4.3.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.0:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.1:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.2:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.4:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.5:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.6:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.7:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.8:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.9:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.10:::::::*
cpe:2.3:a:ssh:tectia_server:4.4.11:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.1.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.1.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.2::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.2.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.2.4:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.0:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.3.1:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.2:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.3:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.4:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.5:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.6:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.7:::::::*
cpe:2.3:a:ssh:tectia_server:5.3.8:::::::*
cpe:2.3:a:ssh:tectia_server:5.4.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.4.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.4.2::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.5.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:5.5.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.0:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.0::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.1:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.1::ibm_zos:::::
cpe:2.3:a:ssh:tectia_server:6.0.2:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.3:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.4:::::::*
cpe:2.3:a:ssh:tectia_server:6.0.4::linux_ibm_zos:::::