PuTTY allows attacker to execute arbitrary code

putty-code-execution (16885) The risk level is classified as HighHigh Risk

Description:

PuTTY could allow a remote attacker to execute arbitrary code on the system. A remote attacker could persuade a user to connect to a malicious server to execute arbitrary code on the victim's system.

Platforms Affected:

  • Gentoo, Linux
  • PuTTY, PuTTY prior to 0.55

Remedy:

Upgrade to the latest version of PuTTY (0.55 or later), available from the PuTTY Download Web Page. See References.

For Gentoo Linux:
Upgrade to the latest version of PuTTY, as listed in Gentoo Linux Security Advisory GGLSA 200408-04. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

  • PuTTY Change Log Web page, PuTTY Change Log at http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html.
  • PuTTY Download Web Page, PuTTY Download Page at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
  • BID-10850: PuTTY Modpow Integer Handling Memory Corruption Vulnerability
  • BID-10870: PSCP Modpow Base Integer Handling Buffer Overrun Vulnerability
  • CVE-2004-1440: Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
  • GLSA-200408-04: PuTTY: Pre-authentication arbitrary code execution
  • SA12212: PuTTY Authentication Process Buffer Overflow Vulnerabilities

Reported:

Aug 04, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page