[OT] Security hole in PuTTY (Windows ssh client)
stheg olloydson
stheg_olloydson at yahoo.com
Mon Aug 16 15:52:33 PDT 2004
Hello,
Sorry for the completely OT post, but I saw two mentions of PuTTY in
one day on the list and assume it must be a popular piece of Windows
software. The SANS Institute "@Risk" newsletter dated 8AUG04 contains
the following item regarding PuTTY:
04.31.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: PuTTY Remote Buffer Overflow
Description: PuTTY is a free Telnet and SSH client. It has been
reported that PuTTY is subject to a pre-authentication buffer overflow
that can allow malicious servers to execute code on a client machine
as it attempts to negotiate connection. PuTTY 0.54 and previous
versions are vulnerable.
Ref:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
Again, sorry for the OT post, but it seems (at least) very marginally
relevant to some. We now return you regularly scheduled program of
FBSD....
Regards,
Stheg
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
More information about the freebsd-questions
mailing list