Re: SECURITY UPDATE: PuTTY version 0.57 is released

From: Fraser Tweedale (s4054522_at_student.uq.edu.au)
Date: 02/21/05

    Date: Tue, 22 Feb 2005 08:48:28 +1000
    
    

    wow... THE Simon Tatham :)

    Thanks for the heads up mate!

    t

    Simon Tatham wrote:
    > SECURITY UPDATE: PuTTY version 0.57 is released
    > -----------------------------------------------
    >
    > All the pre-built binaries, and the source code, are now available
    > from the PuTTY website at
    >
    > http://www.chiark.greenend.org.uk/~sgtatham/putty/
    >
    > This is a SECURITY UPDATE. We recommend that _everybody_ upgrade, as
    > soon as possible.
    >
    > This version fixes a security hole in previous versions of PuTTY,
    > which can allow a malicious SFTP server to attack your client. If
    > you use either PSCP or PSFTP, you should upgrade. Users of the main
    > PuTTY program are not affected. (However, note that the server must
    > have passed host key verification before this attack can be
    > launched, so a man-in-the-middle shouldn't be able to attack you if
    > you're careful.)
    >
    > This vulnerability was found by iDEFENSE, who we expect to release
    > an advisory on the subject shortly.
    >
    > In addition to this security patch, there are also a few very minor
    > bug fixes which should stop PuTTY from crashing in circumstances
    > involving port forwarding, or failing to correctly perform X
    > forwarding. Other than that, though, 0.57 is almost identical to the
    > previous release 0.56.
    >
    > I repeat: PuTTY 0.57 fixes a SERIOUS SECURITY HOLE in many previous
    > versions of PSCP and PSFTP. If you use either of those programs, you
    > should upgrade now.
    >
    > Enjoy using PuTTY!

