is WinSCP ok? 2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57

Advertisement

bob
Guest

is WinSCP ok? 2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57

from https://www.chiark.greenend.org.uk/~sgtatham/putty/
2005-02-20 SECURITY HOLE, fixed in PuTTY 0.57

PuTTY 0.57, released today, fixes two security holes which can allow a malicious SFTP server to execute code of its choice on a PSCP or PSFTP client connecting to it. We recommend everybody upgrade to 0.57 as soon as possible.


https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
PuTTY vulnerability vuln-sftp-readdir
summary: Vulnerability: crafted SFTP FXP_READDIR reply may allow remote code execution
present-in: 0.56
difficulty: fun: Just needs tuits, and not many of them.
class: vulnerability: This is a security vulnerability.
fixed-in: 0.57
priority: high: This should be fixed in the next release.


https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
PuTTY vulnerability vuln-sftp-string
summary: Vulnerability: crafted SFTP string may allow remote code execution
present-in: 0.56
difficulty: fun: Just needs tuits, and not many of them.
class: vulnerability: This is a security vulnerability.
fixed-in: 0.57
priority: high: This should be fixed in the next release.


best bob

Reply with quote

Advertisement

guest
Guest

I am the one who packages UCamSRCF-SSHTools (<invalid hyperlink removed by admin>). It is a package contains various Win32 SSH clients: putty/pscp/psftp, winscp, iXplorer.

I also look forward to an updated version of winscp to fix this vulneriability so I can re-packege UCamSRCf-SSHTools.

A couple of days ago (right before putty v0.57 was released) I checked the change history at https://winscp.net/eng/docs/history and I remember the version 3.7.4 uses the CVS putty. However, the about box still says it is based on putty v0.56. I am not sure if winscp v3.7.4 patches the hole or not.

PS: the change history was blanked yesterday. The page says:
history.txt Last modified: 23 Feb 2005 23:32 by 64.107.94.21

Thanks

Reply with quote

Guest_
Guest

After a bit search, I found the archive of the changelogs in this site,
https://winscp.net/eng/docs/history?rev=1108793832

It turns out the the SSH core is based on the development snapshot of Putty 2005-01-28 (since version 3.7.2). Does this mean version 3.7.4 is vulnerible?

Martin, would you please confirm? Sorry if I sound too aggresive. It just pity to exclude this nice product out of UCamSRCF-SSHTools. After all, we are indebt to you for your great contribution.

Thanks,

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,426
Location:
Prague, Czechia

Re: Cool down guys

I was away for week, that's why I'm replying so late. WinSCP does not share the SFTP code with Putty. So it is not vulnerable. Well at least not with the described vulnerability :-)
_________________
Martin Prikryl

Reply with quote

KB
Guest

Thanks for confirming this, Martin. I'll update SRCF page about this.

Which version of putty has newer code base, the stable v0.57 or the CVS snapshot on 2005-01-28? You must know the detail. If v0.57 includes everything in 2005-01-28 snapshot, it may be good to upgrade the ssh core asap.

Thanks again

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,426
Location:
Prague, Czechia

KB wrote:

Which version of putty has newer code base, the stable v0.57 or the CVS snapshot on 2005-01-28? You must know the detail. If v0.57 includes everything in 2005-01-28 snapshot, it may be good to upgrade the ssh core asap.
0.57 is the same as 0.56, it just solves the security issue and few other bugs. 2005-01-28 includes much more changes (for example KEX panel).
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum