[OT] Security hole in PuTTY (Windows ssh client)
Jay O'Brien
jayobrien at att.net
Mon Aug 16 16:23:22 PDT 2004
stheg olloydson wrote:
> Hello,
>
> Sorry for the completely OT post, but I saw two mentions of PuTTY in
> one day on the list and assume it must be a popular piece of Windows
> software. The SANS Institute "@Risk" newsletter dated 8AUG04 contains
> the following item regarding PuTTY:
>
> 04.31.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: PuTTY Remote Buffer Overflow
> Description: PuTTY is a free Telnet and SSH client. It has been
> reported that PuTTY is subject to a pre-authentication buffer overflow
> that can allow malicious servers to execute code on a client machine
> as it attempts to negotiate connection. PuTTY 0.54 and previous
> versions are vulnerable.
> Ref:
> http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
>
> Again, sorry for the OT post, but it seems (at least) very marginally
> relevant to some. We now return you regularly scheduled program of
> FBSD....
>
> Regards,
>
> Stheg
>
>
I think what you are saying is that if you use PuTTY as a client
application that you should be concerned about what server you
connect to? From what you are saying, I suspect that if the only
use is to connect to your own (FreeBSD) server, you are probably ok?
Jay O'Brien
More information about the freebsd-questions
mailing list