Re: [IPS] PUTTY SSH-Client Exploit

From: Owen Dunn (owend@chiark.greenend.org.uk)
Date: 01/05/03

Next message: Joost Pol: "PDS: Integer overflow in FreeBSD kernel"

Previous message: D4rkGr3y: "WinAmp v.3.0: buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com
From: Owen Dunn <owend@chiark.greenend.org.uk>
Date: 04 Jan 2003 23:22:55 +0000

Daniel Alcántara de la Hoz <seguridad@iproyectos.net> writes:

> In December 16, 2002 Rapid 7.Inc released a security alert about
> vulnerabilities in ssh2 implementations from multiple vendors. We
> have used the concept to code this exploit/proof of concept.
>
> It's a fake server to exploit the putty client. To test it you need
> to change the url in the shellcode; that file will be downloaded and
> run on exploitation.

I should point out that the vulnerabilities uncovered by Rapid 7 were
fixed in PuTTY 0.53b, released on November 12th 2002.

(S) (PuTTY team member)

Next message: Joost Pol: "PDS: Integer overflow in FreeBSD kernel"
Previous message: D4rkGr3y: "WinAmp v.3.0: buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: New security alert
... > New SSH vulnerabilities are reported in: ... The "PuTTY 0.53b addresses vulnerabilities discovered by SSHredder" in the ... actual CERT advisory. ...
(comp.security.ssh)
Re: [OT] Security hole in PuTTY (Windows ssh client)
... > the following item regarding PuTTY: ... > Title: PuTTY Remote Buffer Overflow ... PuTTY is a free Telnet and SSH client. ... PuTTY 0.55 fixes these vulnerabilities. ...
(freebsd-questions)