Putty Security fix

Advertisement

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,094
Location:
Prague, Czechia

Re: Putty Security fix

Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?
So far I was not able to get any details about the vulnerability. It seems that available Putty source code does not contain the fix, so I cannot check even that way. Or it was fixed long time ago and I have not noticed, but I doubt.

If you have any details, please let me know.
_________________
Martin Prikryl

Reply with quote

Guest

From here:

2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55

PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.

Reply with quote

Guest

Oh, and the previously-linked site has the 0.55 Unix source code up, but I'm not sure if the development snapshot source is for 0.55 or some earlier version.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,094
Location:
Prague, Czechia

I know all this. But the information is not very useful to find actual cause of the problem. I got latest source code. I have also checked CSV. Unfortunatelly I'm not sure what, if any, changes in the code corresponds to the vulnerability. So either the fix is not publicly available yet. Or the problem was fixed in past, but the Putty author has not realized then that it had so serious consequences. Only now he has realized it and released quickly fixed version with old fix.

Also the chances are the problem maybe in Putty GUI, which is not shared with WinSCP, so may not affect it at all.
_________________
Martin Prikryl

Reply with quote

Advertisement

Guest

From CORE-2004-0705 (<invalid hyperlink removed by admin>)

The vulnerabilities were triggered by modifying the implementation of OpenSSH 3.8.1p1, specifically by modifying the following functions:
    packet_put_int
    packet_put_string
    packet_put_cstring
    packet_put_raw
    packet_put_bignum
    packet_put_bignum2
to send specially crafted packets to the SSH client.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,094
Location:
Prague, Czechia

Thanks for the link.

While I do not understand why they mention only PSCP and Putty, when at least PSFTP shares the same code, so it should be vulnerable, I fear that it probably means WinSCP is vulnerable as well. I'm going to release patched version tomorrow, if possible.
_________________
Martin Prikryl

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,094
Location:
Prague, Czechia

Putty security fix was included in 3.6.7 released today.
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum