Re: [IPS] PUTTY SSH-Client Exploit
From: Owen Dunn (firstname.lastname@example.org)
- Previous message: D4rkGr3y: "WinAmp v.3.0: buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: email@example.com From: Owen Dunn <firstname.lastname@example.org> Date: 04 Jan 2003 23:22:55 +0000
Daniel Alcántara de la Hoz <email@example.com> writes:
> In December 16, 2002 Rapid 7.Inc released a security alert about
> vulnerabilities in ssh2 implementations from multiple vendors. We
> have used the concept to code this exploit/proof of concept.
> It's a fake server to exploit the putty client. To test it you need
> to change the url in the shellcode; that file will be downloaded and
> run on exploitation.
I should point out that the vulnerabilities uncovered by Rapid 7 were
fixed in PuTTY 0.53b, released on November 12th 2002.
(S) (PuTTY team member)