Re: [OT] Security hole in PuTTY (Windows ssh client)

From: Joshua Tinnin
Date: 08/17/04

    Date: Mon, 16 Aug 2004 16:43:31 -0700

    On Monday 16 August 2004 03:52 pm, stheg olloydson wrote:
    > Hello,
    > Sorry for the completely OT post, but I saw two mentions of PuTTY in
    > one day on the list and assume it must be a popular piece of Windows
    > software.

    It is written for *nix and win32, and it has an MIT license.

    > The SANS Institute "@Risk" newsletter dated 8AUG04 contains
    > the following item regarding PuTTY:
    > 04.31.4 CVE: Not Available
    > Platform: Third Party Windows Apps
    > Title: PuTTY Remote Buffer Overflow
    > Description: PuTTY is a free Telnet and SSH client. It has been
    > reported that PuTTY is subject to a pre-authentication buffer
    > overflow that can allow malicious servers to execute code on a client
    > machine as it attempts to negotiate connection. PuTTY 0.54 and
    > previous versions are vulnerable.
    > Ref:

    You forgot to include this (from the link above):

    *Solution/Vendor Information/Workaround:*

    PuTTY 0.55 fixes these vulnerabilities. It is available at:

    PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as

    The latest PuTTY version in ports is 0.55.
    - jt