J-Security Center

Title: PuTTY Remote SSH2_MSG_DEBUG Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

PuTTY is a Telnet and SSH client built for Linux and UNIX variants as well as Microsoft Windows operating systems. It is freely available under the MIT license.

A remote SSH2_MSG_DEBUG buffer overflow vulnerability affects PuTTY. This issue is due to insufficient bounds checking on network data prior to copying the data into process buffers.

This issue presents itself when the affected client receives malicious SSH2_MSG_DEBUG packets. The application attempts to parse the packet and derives a 'stringlen' value from strings located inside the packet. A bounds check is performed on the derived value; however, it only verifies that the value is not greater than the buffer length and fails to validate signedness. A specially crafted packet could trigger a buffer overflow condition in the affected client, resulting in code execution.
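The upper-bound-only check described above, next to a corrected form, as an added C example (not PuTTY's source code). The function names and sample packets are constructed for illustration; the SSH2_MSG_DEBUG layout (type byte, boolean, message string, language tag string) follows RFC 4253.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH2_MSG_DEBUG 4 /* message number, RFC 4253 */
/* Constructed samples: type, always_display, message string, language tag. */
static const unsigned char sample_ok[]  = {4, 0, 0,0,0,2, 'h','i', 0,0,0,0};
static const unsigned char sample_bad[] = {4, 0, 0xff,0xff,0xff,0xff, 'h','i'};

/* 4-byte big-endian length prefix of an SSH string field. */
static uint32_t get_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the length lands in a signed int and only the upper bound
 * is tested, so a prefix with the top bit set turns negative (on common
 * compilers) and is accepted. Returns 1 if the check would accept. */
int flawed_len_ok(const unsigned char *field, int remaining) {
    if (remaining < 4) return 0;
    int stringlen = (int)get_u32(field);
    return !(stringlen > remaining - 4);
}

/* Corrected pattern: keep the length unsigned, compare with bytes left. */
int checked_len_ok(const unsigned char *field, size_t remaining) {
    if (remaining < 4) return 0;
    return get_u32(field) <= remaining - 4;
}

/* Parse SSH2_MSG_DEBUG and copy the message into out (NUL-terminated).
 * Returns the message length, or -1 if any field is malformed. */
int parse_debug(const unsigned char *pkt, size_t n, char *out, size_t outsz) {
    if (n < 2 || pkt[0] != SSH2_MSG_DEBUG) return -1;
    const unsigned char *p = pkt + 2;          /* skip type and boolean */
    size_t left = n - 2;
    if (!checked_len_ok(p, left)) return -1;   /* message string */
    uint32_t mlen = get_u32(p);
    if (mlen >= outsz) return -1;              /* leave room for the NUL */
    memcpy(out, p + 4, mlen);
    out[mlen] = '\0';
    p += 4 + mlen; left -= 4 + mlen;
    if (!checked_len_ok(p, left)) return -1;   /* language tag string */
    return (int)mlen;
}

int main(void) {
    char buf[64];
    return parse_debug(sample_bad, sizeof sample_bad, buf, sizeof buf) != -1;
}
```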

This issue can be triggered prior to any host key verification. This may allow an attacker to masquerade as an SSH server in order to exploit this issue without the knowledge of the unsuspecting target user.

An attacker may leverage this issue to execute arbitrary code on a computer running the affected software with the privileges of the user that activated it, facilitating unauthorized access.

TortoiseCVS 1.8.0 and prior versions are reported to be affected by this issue as well, due to PuTTY integration for SSH.

PuTTY for Symbian OS 1.3.1 and prior versions are affected by this vulnerability as well. PuTTY for Symbian OS is a port of the PuTTY SSH client for the Symbian OS mobile operating system.

Affected Products:

  • IBM TotalStorage SAN Volume Controller 2.1.0
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.2.0
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.0
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.0beta 2
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.0beta 3
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.0beta 4
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.1
  • PuTTY for Symbian OS PuTTY for Symbian OS 1.3.1RC1
  • Simon Tatham PuTTY 0.48.0
  • Simon Tatham PuTTY 0.49.0
  • Simon Tatham PuTTY 0.50.0
  • Simon Tatham PuTTY 0.51.0
  • Simon Tatham PuTTY 0.52.0
  • Simon Tatham PuTTY 0.53.0
  • Simon Tatham PuTTY 0.53.0b
  • Simon Tatham PuTTY 0.54.0
  • Simon Tatham PuTTY 0.55.0
  • TortoiseCVS TortoiseCVS 1.8.0
