Re: [IPS] PUTTY SSH-Client Exploit

From: Owen Dunn (owend@chiark.greenend.org.uk)
Date: 01/05/03

  • Next message: Joost Pol: "PDS: Integer overflow in FreeBSD kernel"
    To: bugtraq@securityfocus.com
    From: Owen Dunn <owend@chiark.greenend.org.uk>
    Date: 04 Jan 2003 23:22:55 +0000
    
    

    Daniel Alcántara de la Hoz <seguridad@iproyectos.net> writes:

    > In December 16, 2002 Rapid 7.Inc released a security alert about
    > vulnerabilities in ssh2 implementations from multiple vendors. We
    > have used the concept to code this exploit/proof of concept.
    >
    > It's a fake server to exploit the putty client. To test it you need
    > to change the url in the shellcode; that file will be downloaded and
    > run on exploitation.

    I should point out that the vulnerabilities uncovered by Rapid 7 were
    fixed in PuTTY 0.53b, released on November 12th 2002.

    (S) (PuTTY team member)