Re: [OT] Security hole in PuTTY (Windows ssh client)

From: Joshua Tinnin (krinklyfig_at_spymac.com)
Date: 08/17/04

    To: freebsd-questions@freebsd.org
    Date: Mon, 16 Aug 2004 16:43:31 -0700
    
    

    On Monday 16 August 2004 03:52 pm, stheg olloydson
    <stheg_olloydson@yahoo.com> wrote:
    > Hello,
    >
    > Sorry for the completely OT post, but I saw two mentions of PuTTY in
    > one day on the list and assume it must be a popular piece of Windows
    > software.

    It is written for *nix and win32, and it has an MIT license.

    > The SANS Institute "@Risk" newsletter dated 8AUG04 contains
    > the following item regarding PuTTY:
    >
    > 04.31.4 CVE: Not Available
    > Platform: Third Party Windows Apps
    > Title: PuTTY Remote Buffer Overflow
    > Description: PuTTY is a free Telnet and SSH client. It has been
    > reported that PuTTY is subject to a pre-authentication buffer
    > overflow that can allow malicious servers to execute code on a client
    > machine as it attempts to negotiate connection. PuTTY 0.54 and
    > previous versions are vulnerable.
    > Ref:
    > http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10

    You forgot to include this (from the link above):

    *Solution/Vendor Information/Workaround:*

    PuTTY 0.55 fixes these vulnerabilities. It is available at:
    http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

    PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as
    possible.

    --
    The latest PuTTY version in ports is 0.55.
    - jt
    
