Topic "Putty Security fix"

Author Message
Guest




Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Quote:
Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?

So far I was not able to get any details about the vulnerability. It seems that the available Putty source code does not contain the fix, so I cannot check even that way. Or it was fixed a long time ago and I have not noticed, but I doubt it.

If you have any details, please let me know.
_________________
Martin Prikryl
Guest




From here:

Quote:
2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55

PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.
Guest




Oh, and the previously-linked site has the 0.55 Unix source code up, but I'm not sure if the development snapshot source is for 0.55 or some earlier version.
martin
I know all this. But the information is not very useful for finding the actual cause of the problem. I got the latest source code. I have also checked CVS. Unfortunately, I'm not sure what, if any, changes in the code correspond to the vulnerability. So either the fix is not publicly available yet, or the problem was fixed in the past, but the Putty author did not realize then that it had such serious consequences. Only now has he realized it and quickly released a fixed version with the old fix.

Also, chances are the problem may be in the Putty GUI, which is not shared with WinSCP, so it may not affect it at all.
_________________
Martin Prikryl
Guest




From CORE-2004-0705 (<invalid hyperlink removed by admin>)

The vulnerabilities were triggered by modifying the implementation of OpenSSH 3.8.1p1, specifically by modifying the following functions:
    packet_put_int
    packet_put_string
    packet_put_cstring
    packet_put_raw
    packet_put_bignum
    packet_put_bignum2
to send specially crafted packets to the SSH client.
martin
Thanks for the link.

While I do not understand why they mention only PSCP and Putty, when at least PSFTP shares the same code, so it should be vulnerable, I fear that it probably means WinSCP is vulnerable as well. I'm going to release a patched version tomorrow, if possible.
_________________
Martin Prikryl
Guest




From CORE-2004-0705 (<invalid hyperlink removed by admin>)

Simon has added his own writeups of the bugs to the wishlist pages:


Peter
martin
The Putty security fix was included in 3.6.7, released today.
_________________
Martin Prikryl