Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

PuTTY SSH client vulnerability
From: Anatole Shaw <anatole () nationalsky com>
Date: Tue, 26 Oct 2004 23:02:22 -0400
From http://www.chiark.greenend.org.uk/~sgtatham/putty/


======================================================================

2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56 

PuTTY 0.56, released today, fixes a serious security hole which can
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.56 as soon as possible. 

That's two really bad holes in three months. I'd like to apologise to
all our users for the inconvenience.

======================================================================

  By Date           By Thread  

Current thread:
  • PuTTY SSH client vulnerability Anatole Shaw (Oct 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]