Nessus Plugin #14560
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200408-04] PuTTY: Pre-authentication arbitrary code execution
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2004 Michel Arboi
- Summary:
- PuTTY: Pre-authentication arbitrary code execution
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200408-04
- Description:
- The remote host is affected by the vulnerability described in GLSA-200408-04
(PuTTY: Pre-authentication arbitrary code execution)
PuTTY contains a vulnerability allowing a malicious server to execute
arbitrary code on the connecting client before host key verification.
Impact
When connecting to a server using the SSH2 protocol an attacker is able to
execute arbitrary code with the permissions of the user running PuTTY by
sending specially crafted packets to the client during the authentication
process but before host key verification.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of PuTTY.
References:
http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Solution:
All PuTTY users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-misc/putty-0.55"
# emerge ">=net-misc/putty-0.55"
Risk Factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.