lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041027030218.GB19675@galena.poc.net>
Date: Tue, 26 Oct 2004 23:02:22 -0400
From: Anatole Shaw <anatole@...ionalsky.com>
To: bugtraq@...urityfocus.com
Subject: PuTTY SSH client vulnerability


>From http://www.chiark.greenend.org.uk/~sgtatham/putty/

======================================================================

2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56 

PuTTY 0.56, released today, fixes a serious security hole which can
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.56 as soon as possible. 

That's two really bad holes in three months. I'd like to apologise to
all our users for the inconvenience.

======================================================================



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ