Description: Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow in the "fxp_readdir_recv()" function in "sftp.c" can be exploited to execute arbitrary code via a malicious SFTP (SSH File Transfer Protocol) server sending a specially crafted respond to the "FXP_READDIR" command.
2) An integer overflow in the "fxp_open_recv()" function in "sftp.c" can be exploited to execute arbitrary code via a malicious SFTP server sending a specially crafted string field.
NOTE: Successful exploitation is only possible after host key verification.
The vulnerabilities have been reported in versions prior to 0.57.
Solution: Update to version 0.57.
www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Provided and/or discovered by: Gaël Delalleau
Changelog: 2005-02-22: Added CVE reference and link to iDEFENSE advisory.
Original Advisory: PuTTY:
www.chiark.greenend.org.uk/~sg...putty/wishlist/vuln-sftp-readdir.html
www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
3. PuTTY Authentication Process Buffer Overflow Vulnerabilities
4. Terminal Emulators fail to handle escape sequences
Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
Secunia Poll
How do you verify if Adobe Flash Player is secure on client systems?
See Results
Most Popular Advisories
1.
Microsoft Windows Animated Cursor Buffer Overflow Vulnerability
2.
Microsoft Windows Message Queuing Buffer Overflow Vulnerability
3.
Kaspersky Products Multiple Vulnerabilities
4.
Mozilla Firefox Firebug Extension "console.log()" Cross-Context Scripting
5.
Internet Explorer 7 Window Injection Vulnerability