Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Putty security fix was included in 3.6.7 released today.
martin

Thanks for the link.

While I do not understand why they mention only PSCP and Putty, when at least PSFTP shares the same code, so it should be vulnerable, I fear that it probably means WinSCP is vulnerable as well. I'm going to release patched version tomorrow, if possible.
Guest

From CORE-2004-0705 (<invalid hyperlink removed by admin>)

The vulnerabilities were triggered by modifying the implementation of OpenSSH 3.8.1p1, specifically by modifying the following functions:
    packet_put_int
    packet_put_string
    packet_put_cstring
    packet_put_raw
    packet_put_bignum
    packet_put_bignum2
to send specially crafted packets to the SSH client.
martin

I know all this. But the information is not very useful to find actual cause of the problem. I got latest source code. I have also checked CSV. Unfortunatelly I'm not sure what, if any, changes in the code corresponds to the vulnerability. So either the fix is not publicly available yet. Or the problem was fixed in past, but the Putty author has not realized then that it had so serious consequences. Only now he has realized it and released quickly fixed version with old fix.

Also the chances are the problem maybe in Putty GUI, which is not shared with WinSCP, so may not affect it at all.
Guest

Oh, and the previously-linked site has the 0.55 Unix source code up, but I'm not sure if the development snapshot source is for 0.55 or some earlier version.
Guest

From here:

2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55

PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.
martin

Re: Putty Security fix

Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?

So far I was not able to get any details about the vulnerability. It seems that available Putty source code does not contain the fix, so I cannot check even that way. Or it was fixed long time ago and I have not noticed, but I doubt.

If you have any details, please let me know.
Guest

Putty Security fix

Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?