Vulnwatch mailing list archives
Security issue with PuTTY v.54
From: vulnwatch () exocet ca
Date: Wed, 4 Aug 2004 09:03:33 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Haven't seen this on the Vulnwatch list yet, so: PuTTY v.54 apparently has a rather serious security issue. Lifted straight from the author's web site: "2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55 "PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible." PuTTY can be downloaded from the author's site at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html - -- Sent via Mozilla v1.7 Deepthought: Debian GNU/Linux (Services: SSH, DNS, IMAP, Web!) The PGP signature verifies that I, not an imposter, sent this email. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBEQhmGuSF7OL+BegRAjd3AKDaDBU9oMYycCuYkDj4ornJIYwJkgCg/Dqh Y253hMoVNWPwZPvA4oqtd8U= =jDWy -----END PGP SIGNATURE-----
Current thread:
- Security issue with PuTTY v.54 vulnwatch (Aug 04)