[Full-Disclosure] [ GLSA 200502-28 ] PuTTY: Remote code execution

From: Luke Macken (lewk_at_gentoo.org)
Date: 02/21/05

    Date: Mon, 21 Feb 2005 16:01:26 -0500
    To: gentoo-announce@gentoo.org
    
    
    
    

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200502-28
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

      Severity: Normal
         Title: PuTTY: Remote code execution
          Date: February 21, 2005
          Bugs: #82753
            ID: 200502-28

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    PuTTY was found to contain vulnerabilities that can allow a malicious
    SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP
    clients.

    Background
    ==========

    PuTTY is a popular SSH client, PSCP is a secure copy implementation,
    and PSFTP is an SSH File Transfer Protocol client.

    Affected packages
    =================

        -------------------------------------------------------------------
         Package         /  Vulnerable  /                       Unaffected
        -------------------------------------------------------------------
      1  net-misc/putty       < 0.57                               >= 0.57

    Description
    ===========

    Two vulnerabilities have been discovered in the PSCP and PSFTP clients,
    which can be triggered by the SFTP server itself. These issues are
    caused by the improper handling of the FXP_READDIR response, along with
    other string fields.

    Impact
    ======

    An attacker can set up a malicious SFTP server that would send these
    malformed responses to a client, potentially allowing the execution of
    arbitrary code on their system.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All PuTTY users should upgrade to the latest version:

        # emerge --sync
        # emerge --ask --oneshot --verbose ">=net-misc/putty-0.57"

    References
    ==========

      [ 1 ] PuTTY vulnerability vuln-sftp-readdir
            http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
      [ 2 ] PuTTY vulnerability vuln-sftp-string
            http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
      [ 3 ] CAN-2005-0467
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0467
      [ 4 ] iDEFENSE Advisory
            http://www.idefense.com/application/poi/display?id=201&type=vulnerabilities

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

      http://security.gentoo.org/glsa/glsa-200502-28.xml

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    http://bugs.gentoo.org.

    License
    =======

    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.0

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
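
The advisory attributes the flaws to improper handling of the FXP_READDIR response and of other string fields. The following is an added example, not part of the advisory and not PuTTY's code or its fix: a bounds-checked validator for the SSH_FXP_NAME reply a server sends to FXP_READDIR, assuming the SFTP version 3 wire layout and a buffer that starts at the packet type byte. All function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over the bytes of one received packet (constructed helper type). */
struct cur { const uint8_t *p; size_t left; };

/* Skip n bytes, failing if the packet does not contain them. */
static int skip(struct cur *c, size_t n) {
    if (n > c->left) return -1;
    c->p += n; c->left -= n;
    return 0;
}
/* Read a big-endian uint32, failing on a short packet. */
static int get_u32(struct cur *c, uint32_t *v) {
    const uint8_t *b = c->p;
    if (skip(c, 4) < 0) return -1;
    *v = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
    return 0;
}
/* Skip a length-prefixed string; its declared length must fit in what is left. */
static int skip_string(struct cur *c) {
    uint32_t len;
    return get_u32(c, &len) < 0 ? -1 : skip(c, len);
}
/* Skip a version 3 ATTRS block: flags word, then the fields the flags announce. */
static int skip_attrs(struct cur *c) {
    uint32_t flags, ext = 0;
    if (get_u32(c, &flags) < 0) return -1;
    size_t fixed = (flags & 1 ? 8 : 0) + (flags & 2 ? 8 : 0) +
                   (flags & 4 ? 4 : 0) + (flags & 8 ? 8 : 0);
    if (skip(c, fixed) < 0) return -1;
    if ((flags & 0x80000000u) && get_u32(c, &ext) < 0) return -1;
    while (ext--)   /* each extension is a (type, data) string pair */
        if (skip_string(c) < 0 || skip_string(c) < 0) return -1;
    return 0;
}
/* Validate an SSH_FXP_NAME body: byte 104, uint32 id, uint32 count, then count
 * (filename, longname, ATTRS) entries. Returns count, or -1 on any overrun. */
int64_t check_fxp_name(const uint8_t *pkt, size_t n) {
    struct cur c = { pkt, n };
    uint32_t count;
    if (n < 1 || pkt[0] != 104 || skip(&c, 5) < 0) return -1;
    if (get_u32(&c, &count) < 0) return -1;
    /* each entry needs at least 12 bytes, so an oversized count fails early */
    if (count > c.left / 12) return -1;
    for (uint32_t i = 0; i < count; i++)
        if (skip_string(&c) < 0 || skip_string(&c) < 0 || skip_attrs(&c) < 0)
            return -1;
    return count;
}
```

Running such a check before any entry is copied or any array is sized from `count` means no later code has to trust a server-supplied length.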


