Message-ID: <41134F55.7030009@cc.kuleuven.ac.be>
From: Rik.Bobbaers at cc.kuleuven.ac.be (harry)
Subject: Re: [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution
Sune Kloppenborg Jeppesen wrote:
<snip>
> Description
> ===========
>
> PuTTY contains a vulnerability allowing a malicious server to execute
> arbitrary code on the connecting client before host key verification.
>
> Impact
> ======
>
> When connecting to a server using the SSH2 protocol an attacker is able
> to execute arbitrary code with the permissions of the user running
> PuTTY by sending specially crafted packets to the client during the
> authentication process but before host key verification.
<snip>
does this mean that everyone on the network can execute arbitrary code
on the victim's machine by simply doing a man in the middle attack?
what other security issues are attached to this? is it only a
vulnerability if the server you're on is not trusted? (in that case, you
shouldn't even trust the ssh daemon and you shouldn't be there :))
--
harry
aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers@...kuleuven.ac.be -=- http://harry.ulyssis.org
"\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20"
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66"
"\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63"
"\x6c\x65\x0a\x00"