Hi

This bug was fixed in the package openssh - 1:5.2p1-1ubuntu1 as per https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329

Is it available in Hardy 8.04?

Thanks
Kaushal

Forwarded conversation
Subject: OpenVAS Vulnerability on Ubuntu Linux Server 8.04
------------------------

From: *Kaushal Shriyan* <kaushalshri...@gmail.com>
Date: Tue, Nov 16, 2010 at 6:50 PM
To: ubuntu-harde...@lists.ubuntu.com

Hi,

Can someone please suggest/guide me about the below vulnerability. I have run OpenVAS Scanner and it reports that vulnerability. The affected server is Ubuntu 8.04.

Medium
OpenSSH CBC Mode Information Disclosure Vulnerability
Risk: Medium
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100153

Overview: The host is installed with OpenSSH and is prone to information disclosure vulnerability.

Vulnerability Insight: The flaw is caused due to the improper handling of errors within an SSH session encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.

Impact: Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

Impact Level: Application

Affected Software/OS: Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia are also affected.

Fix: Upgrade to higher version http://www.openssh.com/portable.html

References: http://www.securityfocus.com/bid/32319
CVE : CVE-2008-5161
BID : 32319

Thanks and Regards
Kaushal

----------

From: *Jeff Schroeder* <jeffschroe...@computer.org>
Date: Tue, Nov 16, 2010 at 6:53 PM
To: Ubuntu security discussion <ubuntu-harde...@lists.ubuntu.com>

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329

--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com

--
ubuntu-hardened mailing list
ubuntu-harde...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam