FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

putty -- buffer overflow vulnerability in ssh2 support

Affected packages
putty < 0.56

Details

VuXML ID 19518d22-2d05-11d9-8943-0050fc56d258
Discovery 2004-10-26
Entry 2004-11-04
Modified 2005-01-19

There is a bug in SSH2 support that allows a server to execute malicious code on a connecting PuTTY client. This attack can be performed before host key verification happens, so a different machine -- a man-in-the-middle attack -- could fake the machine you are connecting to.

References

Message 1CE07882ECEE894CA2D5A89B8DEBC4010A2DD2@porgy.admin.idefense.com
URL http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ssh2-debug.html
URL http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml