Re: [OT] Security hole in PuTTY (Windows ssh client)
From: Joshua Tinnin (krinklyfig_at_spymac.com)
To: email@example.com Date: Mon, 16 Aug 2004 16:43:31 -0700
On Monday 16 August 2004 03:52 pm, stheg olloydson
> Sorry for the completely OT post, but I saw two mentions of PuTTY in
> one day on the list and assume it must be a popular piece of Windows
It is written for *nix and win32, and it has an MIT license.
> The SANS Institute "@Risk" newsletter dated 8AUG04 contains
> the following item regarding PuTTY:
> 04.31.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: PuTTY Remote Buffer Overflow
> Description: PuTTY is a free Telnet and SSH client. It has been
> reported that PuTTY is subject to a pre-authentication buffer
> overflow that can allow malicious servers to execute code on a client
> machine as it attempts to negotiate connection. PuTTY 0.54 and
> previous versions are vulnerable.
You forgot to include this (from the link above):
PuTTY 0.55 fixes these vulnerabilities. It is available at:
PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as
-- The latest PuTTY version in ports is 0.55. - jt _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "email@example.com"