Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-5914705C-AB03-11E9-A4F9-080027AC955C: PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-5914705C-AB03-11E9-A4F9-080027AC955C: PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/14/2019
Created
07/23/2019
Added
07/21/2019
Modified
07/21/2019

Description

Simon Tatham reports:

Vulnerabilities fixed in this release include:

A malicious SSH-1 server could trigger a buffer overrun by sending

extremely short RSA keys, or certain bad packet length fields.

Either of these could happen before host key verification, so even

if you trust the server you *intended* to connect to, you would

still be at risk.

(However, the SSH-1 protocol is obsolete, and recent versions of

PuTTY do not try it by default, so you are only at risk if you work

with old servers and have explicitly configured SSH-1.)

If a malicious process found a way to impersonate Pageant, then it

could cause an integer overflow in any of the SSH client tools

(PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.

Other security-related bug fixes include:

The 'trust sigil' system introduced in PuTTY 0.71 to protect

against server spoofing attacks had multiple bugs. Trust sigils

were not turned off after login in the SSH-1 and Rlogin protocols,

and not turned back on if you used the Restart Session command.

Both are now fixed.

Solution(s)

  • freebsd-upgrade-package-putty
  • freebsd-upgrade-package-putty-gtk2
  • freebsd-upgrade-package-putty-nogtk

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;