You are here

V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities

August 7, 2013 - 6:00am

Addthis

PROBLEM:

SEARCH-LAB has reported some vulnerabilities in PuTTY

PLATFORM:

PuTTY 0.x

ABSTRACT:

The vulnerabilities can be exploited by malicious people to potentially compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA54354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520
CVE-2013-4206
CVE-2013-4207
CVE-2013-4208
CVE-2013-4852

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerabilities are caused due to some integer overflow errors when handling the SSH handshake and can be exploited to cause heap-based buffer overflows via a negative handshake message length.

IMPACT:

Successful exploitation of may allow execution of arbitrary code

SOLUTION:

Fixed in the source code repository

 

Addthis