Topic "is WinSCP ok? 2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57"

Author Message
bob

Guest


from http://www.chiark.greenend.org.uk/~sgtatham/putty/
2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57

PuTTY 0.57, released today, fixes two security holes which can allow a malicious SFTP server to execute code of its choice on a PSCP or PSFTP client connecting to it. We recommend everybody upgrade to 0.57 as soon as possible.


http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
PuTTY vulnerability vuln-sftp-readdir
summary: Vulnerability: crafted SFTP FXP_READDIR reply may allow remote code execution
present-in: 0.56
difficulty: fun: Just needs tuits, and not many of them.
class: vulnerability: This is a security vulnerability.
fixed-in: 0.57
priority: high: This should be fixed in the next release.


http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
PuTTY vulnerability vuln-sftp-string
summary: Vulnerability: crafted SFTP string may allow remote code execution
present-in: 0.56
difficulty: fun: Just needs tuits, and not many of them.
class: vulnerability: This is a security vulnerability.
fixed-in: 0.57
priority: high: This should be fixed in the next release.


best bob
Advertisements
Guest




Here is the official iDEFENSE advisory with some code details...
guest

Guest


I am the one who packages UCamSRCF-SSHTools (http://www.srcf.ucam.org/utilities/ssh/package.html). It is a package contains various Win32 SSH clients: putty/pscp/psftp, winscp, iXplorer.

I also look forward to an updated version of winscp to fix this vulneriability so I can re-packege UCamSRCf-SSHTools.

A couple of days ago (right before putty v0.57 was released) I checked the change history at https://winscp.net/eng/docs/history and I remember the version 3.7.4 uses the CVS putty. However, the about box still says it is based on putty v0.56. I am not sure if winscp v3.7.4 patches the hole or not.

PS: the change history was blanked yesterday. The page says:
history.txt Last modified: 23 Feb 2005 23:32 by 64.107.94.21

Thanks
Guest_

Guest


After a bit search, I found the archive of the changelogs in this site,
https://winscp.net/eng/docs/history?rev=1108793832

It turns out the the SSH core is based on the development snapshot of Putty 2005-01-28 (since version 3.7.2). Does this mean version 3.7.4 is vulnerible?

Martin, would you please confirm? Sorry if I sound too aggresive. It just pity to exclude this nice product out of UCamSRCF-SSHTools. After all, we are indebt to you for your great contribution.

Thanks,
Guest

Guest


https://winscp.net/forum/viewtopic.php?p=6640&highlight=#6640
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I was away for week, that's why I'm replying so late. WinSCP does not share the SFTP code with Putty. So it is not vulnerable. Well at least not with the described vulnerability Smile
_________________
Martin Prikryl
KB

Guest


Thanks for confirming this, Martin. I'll update SRCF page about this.

Which version of putty has newer code base, the stable v0.57 or the CVS snapshot on 2005-01-28? You must know the detail. If v0.57 includes everything in 2005-01-28 snapshot, it may be good to upgrade the ssh core asap.

Thanks again
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
KB wrote:
Which version of putty has newer code base, the stable v0.57 or the CVS snapshot on 2005-01-28? You must know the detail. If v0.57 includes everything in 2005-01-28 snapshot, it may be good to upgrade the ssh core asap.

0.57 is the same as 0.56, it just solves the security issue and few other bugs. 2005-01-28 includes much more changes (for example KEX panel).
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License