A remote overflow exists in PuTTY. PuTTY fails to perform bounds checking on SSH2_MSG_DEBUG packets resulting in a buffer overflow via the 'stringlen' parameter. With the aid of a malicious SSH2 server, an attacker can execute arbitrary code resulting in a loss of confidentiality and integrity.
Classification
Location:
Remote / Network Access
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Solution:
Upgrade
Disclosure:
OSVDB Verified,
Vendor Verified
Solution
Upgrade to version 0.56 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.