Re: [OT] Security hole in PuTTY (Windows ssh client)

From: Joshua Tinnin
Date: 08/17/04

    Date: Mon, 16 Aug 2004 16:43:31 -0700

    On Monday 16 August 2004 03:52 pm, stheg olloydson wrote:
    > Hello,
    > Sorry for the completely OT post, but I saw two mentions of PuTTY in
    > one day on the list and assume it must be a popular piece of Windows
    > software.

    It is written for *nix and win32, and it has an MIT license.

    > The SANS Institute "@Risk" newsletter dated 8AUG04 contains
    > the following item regarding PuTTY:
    > 04.31.4 CVE: Not Available
    > Platform: Third Party Windows Apps
    > Title: PuTTY Remote Buffer Overflow
    > Description: PuTTY is a free Telnet and SSH client. It has been
    > reported that PuTTY is subject to a pre-authentication buffer
    > overflow that can allow malicious servers to execute code on a client
    > machine as it attempts to negotiate connection. PuTTY 0.54 and
    > previous versions are vulnerable.
    > Ref:

    You forgot to include this (from the link above):

    *Solution/Vendor Information/Workaround:*

    PuTTY 0.55 fixes these vulnerabilities. It is available at:

    PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as

    The latest PuTTY version in ports is 0.55.
    - jt
