Date: Mon, 16 Aug 2004 16:43:31 -0700 From: Joshua Tinnin <krinklyfig@spymac.com> To: freebsd-questions@freebsd.org Subject: Re: [OT] Security hole in PuTTY (Windows ssh client) Message-ID: <200408161643.31387.krinklyfig@spymac.com> In-Reply-To: <20040816225232.20224.qmail@web61302.mail.yahoo.com> References: <20040816225232.20224.qmail@web61302.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 16 August 2004 03:52 pm, stheg olloydson <stheg_olloydson@yahoo.com> wrote: > Hello, > > Sorry for the completely OT post, but I saw two mentions of PuTTY in > one day on the list and assume it must be a popular piece of Windows > software. It is written for *nix and win32, and it has an MIT license. > The SANS Institute "@Risk" newsletter dated 8AUG04 contains > the following item regarding PuTTY: > > 04.31.4 CVE: Not Available > Platform: Third Party Windows Apps > Title: PuTTY Remote Buffer Overflow > Description: PuTTY is a free Telnet and SSH client. It has been > reported that PuTTY is subject to a pre-authentication buffer > overflow that can allow malicious servers to execute code on a client > machine as it attempts to negotiate connection. PuTTY 0.54 and > previous versions are vulnerable. > Ref: > http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 You forgot to include this (from the link above): *Solution/Vendor Information/Workaround:* PuTTY 0.55 fixes these vulnerabilities. It is available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as possible. -- The latest PuTTY version in ports is 0.55. - jt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408161643.31387.krinklyfig>