Download
| Alert*
oval:org.secpod.oval:def:1800645
putty is installed oval:org.secpod.oval:def:1800799 Prior to any download in the SCP sink protocol, the server sends a line of text consisting of an octal number encoding Unix file permissions, a decimal number encoding the file size,and the file name. Since the file size can exceed 232 bytes, and in some compilation configurations of PuTTY the host ... oval:org.secpod.oval:def:601331 putty is installed oval:org.secpod.oval:def:601084 Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4206 Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. ... oval:org.secpod.oval:def:601981 Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory. In addition Florent Daigniere discovered that exponential values in Diffie Hellman exchanges were insufficienty restricted. oval:org.secpod.oval:def:602293 A memory-corrupting integer overflow in the handling of the ECH control sequence was discovered in PuTTY"s terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code. oval:org.secpod.oval:def:1800791 In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data Fixed in version putty 0.68 oval:org.secpod.oval:def:603840 Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used. oval:org.secpod.oval:def:1800644 In PuTTY before 0.68, if SSH agent forwarding is enabled, local attackers that are also able to connect to the UNIX domain socket could have overwritten heap data Fixed In Version: putty 0.68 oval:org.secpod.oval:def:612881 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ... oval:org.secpod.oval:def:96941 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ... |