Putty Security fix
Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?
- Guest
Putty Security fix
Advertisement
Advertisement
-
martin◆
Site Admin -
- Joined:
- Posts:
- 41,517
- Location:
- Prague, Czechia
Re: Putty Security fix
So far I was not able to get any details about the vulnerability. It seems that available Putty source code does not contain the fix, so I cannot check even that way. Or it was fixed long time ago and I have not noticed, but I doubt.Is WinSCP vulnerable to the security hole found in Putty 0.54 and earlier?
If you have any details, please let me know.
- Guest
From here:
2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55
PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.
- Guest
Oh, and the previously-linked site has the 0.55 Unix source code up, but I'm not sure if the development snapshot source is for 0.55 or some earlier version.
-
martin◆
Site Admin -
- Joined:
- Posts:
- 41,517
- Location:
- Prague, Czechia
I know all this. But the information is not very useful to find actual cause of the problem. I got latest source code. I have also checked CSV. Unfortunatelly I'm not sure what, if any, changes in the code corresponds to the vulnerability. So either the fix is not publicly available yet. Or the problem was fixed in past, but the Putty author has not realized then that it had so serious consequences. Only now he has realized it and released quickly fixed version with old fix.
Also the chances are the problem maybe in Putty GUI, which is not shared with WinSCP, so may not affect it at all.
Also the chances are the problem maybe in Putty GUI, which is not shared with WinSCP, so may not affect it at all.
Advertisement
- Guest
From CORE-2004-0705 (<invalid hyperlink removed by admin>)
The vulnerabilities were triggered by modifying the implementation of OpenSSH 3.8.1p1, specifically by modifying the following functions:
The vulnerabilities were triggered by modifying the implementation of OpenSSH 3.8.1p1, specifically by modifying the following functions:
- packet_put_int
packet_put_string
packet_put_cstring
packet_put_raw
packet_put_bignum
packet_put_bignum2
-
martin◆
Site Admin -
Thanks for the link.
While I do not understand why they mention only PSCP and Putty, when at least PSFTP shares the same code, so it should be vulnerable, I fear that it probably means WinSCP is vulnerable as well. I'm going to release patched version tomorrow, if possible.
While I do not understand why they mention only PSCP and Putty, when at least PSFTP shares the same code, so it should be vulnerable, I fear that it probably means WinSCP is vulnerable as well. I'm going to release patched version tomorrow, if possible.
- Guest
From CORE-2004-0705 (<invalid hyperlink removed by admin>)
Simon has added his own writeups of the bugs to the wishlist pages:
Peter
Simon has added his own writeups of the bugs to the wishlist pages:
-
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modpow.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ssh1-kex.html
Peter
-
martin◆
Site Admin -
Putty security fix was included in 3.6.7 released today.
Advertisement
You can post new topics in this forum