YORK-ANNOUNCE-L Archives

York U. announcements list - READ ONLY

YORK-ANNOUNCE-L@YORKU.CA

Sender:
"York U. announcements list - READ ONLY" <[log in to unmask]>
Subject:
From:
CNS Announce <[log in to unmask]>
Date:
Thu, 5 Aug 2004 17:32:21 -0400
Content-Type:
TEXT/PLAIN; charset=US-ASCII
MIME-Version:
1.0
Reply-To:
"York U. announcements list - READ ONLY" <[log in to unmask]>
Parts/Attachments:
TEXT/PLAIN (34 lines)
PuTTY (Telnet & SSH Client Vulnerability)

A new version of PuTTY is available on the CNS website:
http://www.cns.yorku.ca/computing/apps/telnet/index.html

*Vulnerability Description:*

 PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
 platforms, along with an xterm terminal emulator.

 PuTTY and PSCP are client applications used by network and
 security administrators to log in securely to networked server systems.

 We have found that by sending specially crafted packets to the client
 during the authentication process, an attacker is able to compromise
 and execute arbitrary code on the machine running PuTTY or PSCP.

 In SSH2, an attacker impersonating a trusted host can launch an attack
 before the client has the ability to determine the difference between
 the trusted and fake host. This attack is performed before host key
 verification.

*Vulnerable Packages:*

 PuTTY 0.54 and previous versions are vulnerable.


Questions or concerns about this note should be directed to
the CNS Helpdesk in the Computing Commons, William Small Centre,
(voice: 416-736-5800, email: [log in to unmask]).


CNS Announce
