PuTTY Private Key 'putty/sshdss.c' Multiple Information Leakage Vulnerabilities
Release date:
Updated on:
Affected Systems:
Simon Tatham PuTTY 0.52-0.63
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61644
CVE (CAN) ID: CVE-2013-4208
PuTTY is an implementation of Telnet and SSH for Windows and Unix platforms, with an xterm terminal emulator.
PuTTY 0.52 through 0.63 does not promptly erase sensitive data, such as keys, from memory. Attackers can obtain keys or other sensitive information from PuTTY's process memory or from a crash dump.
<* Source: vendor
Link: http://seclists.org/oss-sec/2013/q3/291
*>
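The failure mode described above, shown in C as an added example that is not code from PuTTY or from the advisory: a working copy of key material stays in memory unless it is explicitly erased. `secure_wipe`, `residue`, `use_key` and the sample key are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PuTTY's code): zero a buffer through a volatile
 * pointer so the compiler cannot drop the stores as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Count bytes of `secret` still present at the same offset in `mem`;
 * stands in for what a reader of process memory or a crash dump recovers. */
static size_t residue(const uint8_t *mem, const uint8_t *secret, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        hits += (mem[i] == secret[i]);
    return hits;
}

/* Simulated signing step: the private value is copied into a working
 * buffer (as a bignum temporary would be), used, and then either left
 * behind (wipe == 0, the flawed pattern) or erased (wipe != 0). */
static uint32_t use_key(const uint8_t *key, size_t len, uint8_t *work, int wipe)
{
    uint32_t digest = 2166136261u;   /* FNV-1a, a stand-in for the real maths */
    memcpy(work, key, len);
    for (size_t i = 0; i < len; i++)
        digest = (digest ^ work[i]) * 16777619u;
    if (wipe) secure_wipe(work, len);
    return digest;
}

/* Constructed sample value, not a real key. */
static const uint8_t SAMPLE_KEY[20] = {
    0x3a,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16,0x7f,0xc3,
    0x28,0x9e,0x51,0xd4,0x6b,0xa0,0x1d,0xf7,0x82,0x49 };

int main(void)
{
    uint8_t work[sizeof SAMPLE_KEY];
    use_key(SAMPLE_KEY, sizeof SAMPLE_KEY, work, 0);
    printf("no wipe: %zu key bytes left\n", residue(work, SAMPLE_KEY, sizeof SAMPLE_KEY));
    use_key(SAMPLE_KEY, sizeof SAMPLE_KEY, work, 1);
    printf("wiped:   %zu key bytes left\n", residue(work, SAMPLE_KEY, sizeof SAMPLE_KEY));
}
```

A plain `memset` before `free` or before a buffer goes out of scope can be removed by the optimizer, which is why the wipe goes through a volatile pointer here.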
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Simon Tatham
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.chiark.greenend.org.uk/~sgtatham/putty/