FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

putty -- pscp/psftp heap corruption vulnerabilities

Affected packages
putty < 0.57

Details

VuXML ID: a413ed94-836e-11d9-a9e7-0001020eed82
Discovery: 2005-02-20
Entry: 2005-02-20
Modified: 2005-02-23

Simon Tatham reports:

This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.)

References

Bugtraq ID: 12601
CVE Name: CVE-2005-0467
Message: E1D2taM-0005R1-00@ixion.tartarus.org
Message: FB24803D1DF2A34FA59FC157B77C970503E2462F@idserv04.idef.com
URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html