Subject: | |
From: | |
Reply To: | York U. announcements list - READ ONLY |
Date: | Thu, 5 Aug 2004 17:32:21 -0400 |
Content-Type: | TEXT/PLAIN |
PuTTY (Telnet & SSH Client Vulnerability)

A new version of PuTTY is available on the CNS website:
http://www.cns.yorku.ca/computing/apps/telnet/index.html

*Vulnerability Description:*
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
platforms, along with an xterm terminal emulator.
PuTTY and PSCP are client applications used by network and
security administrators to log in securely to networked server systems.
We have found that by sending specially crafted packets to the client
during the authentication process, an attacker is able to compromise
and execute arbitrary code on the machine running PuTTY or PSCP.
In SSH2, an attacker impersonating a trusted host can launch an attack
before the client has the ability to determine the difference between
the trusted and fake host. This attack is performed before host key
verification.

*Vulnerable Packages:*
PuTTY 0.54 and previous versions are vulnerable.

Questions or concerns about this note should be directed to
the CNS Helpdesk in the Computing Commons, William Small Centre,
(voice: 416-736-5800, email: [log in to unmask]).

CNS Announce