The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 247186 A Security Vulnerability in Solaris Secure Shell (SSH) May Expose Some Plain Text From Encrypted Traffic

Guest Author
Product: Solaris 9 Operating System Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris Secure Shell (SSH) software (see ssh(1)), when used with CBC-mode ciphers and (SSH protocol version 2), may allow a remote unprivileged user who is able to intercept SSH network traffic to gain access to a portion of plain text information from intercepted traffic which would otherwise be encrypted.

This issue is also referenced in the following documents:

State: Workaround
First released: 05-Dec-2008

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.