Full Disclosure mailing list archives
Re: [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution
From: harry <Rik.Bobbaers () cc kuleuven ac be>
Date: Fri, 06 Aug 2004 11:28:53 +0200
Sune Kloppenborg Jeppesen wrote:
<snip>

Description
===========
PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification.

Impact
======
When connecting to a server using the SSH2 protocol an attacker is able to execute arbitrary code with the permissions of the user running PuTTY by sending specially crafted packets to the client during the authentication process but before host key verification.

<snip>

does this mean that everyone on the network can execute arbitrary code on the victim's machine by simply doing a man in the middle attack?
what other security issues are attached to this? is it only a vulnerability if the server you're on is not trusted? (in that case, you shouldn't even trust the ssh daemon and you shouldn't be there :))
--
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org

"\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20"
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66"
"\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63"
"\x6c\x65\x0a\x00"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution Sune Kloppenborg Jeppesen (Aug 05)
- Re: [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution harry (Aug 06)