Release date:
Updated on:
Affected Systems:
Simon Tatham puttty 0.61
Simon Tatham puttty 0.60
Simon Tatham puttty 0.59
Simon Tatham puttty 0.56
Simon Tatham puttty 0.55
Simon Tatham puttty 0.54
Simon Tatham PuTTY 0.53b
Simon Tatham puttty 0.53
Simon Tatham puttty 0.49
Simon Tatham puttty 0.48
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61599
CVE (CAN) ID: CVE-2013-4852
PuTTY is an implementation of PuTTYTelnet and SSH on Windows and Unix platforms, with an xterm terminal simulator.
When processing an SSH handshake, PuTTY 0.62 triggers the heap buffer overflow vulnerability when handling a negative handshake message. After successful, the current user can execute any code. To exploit this vulnerability, You Need To trick users into connecting to malicious servers.
<* Source: Gergely Eberhardt
Link: http://secunia.com/advisories/54354/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Simon Tatham
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.chiark.greenend.org.uk /~ Sgtatham/putty/
PuTTY SVN:
Http://svn.tartarus.org/sgt? View = revision & sortby = date> revision = 9896
Gergely Eberhardt:
Http://www.search-lab.hu/advisories/secadv-20130722