PuTTY vulnerability vuln-sshredder

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Pre-release · Snapshot | Docs | Privacy | Changes | Wishlist

summary: SSHredder test suite vulnerabilities (CERT CA-2002-36)
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.53
fixed-in: 0.53b 2002-11-09 7c95ea19c88fc7a547184ed84276fb3a6e2a5ba1

PuTTY 0.53 and earlier are vulnerable to the attack described in CERT advisory CA-2002-36 "Multiple Vulnerabilities in SSH Implementations" (also VU#389665). This vulnerability is believed to be fixed in 0.53b (released Nov 12, 2002).

Certain well-chosen malformed or unusual packets can lead to remote code execution attacks. See the Rapid7 advisory and their SSHredder test suite for details.

I-Proyectos has released a proof-of-concept exploit to BugTraq.

CVE have assigned the following candidate IDs to the vulnerabilities tested for by SSHredder:

(I haven't checked which of these PuTTY was actually vulnerable to).


If you want to comment on this web site, see the Feedback page.
Audit trail for this vulnerability.
(last revision of this bug record was at 2019-03-21 07:16:27 +0000)