Hello All. Many of us who have to interact with a Linux or Unix host use PuTTY for SSH, etc. The PuTTY developers have just released version 0.71, an update to the 0.70 release from July 2017, which corrects the following issues:
- Authentication Prompt Spoofing — Since PuTTY doesn’t have a way to indicate whether a piece of terminal output is genuine, the user-interface issue could be exploited by a malicious server to generate a fake authentication prompt at the client side, prompting victims to enter their private key passphrases.
- Code Execution via CHM Hijacking — When a user launches the online help within the PuTTY GUI tools, the software tries to locate its help file alongside its own executable, so a malicious CHM file planted in that directory would be loaded.
- Buffer Overflow in Unix PuTTY Tools — According to the advisory, if a server opens too many port forwardings, PuTTY for Unix does not bounds-check the input file descriptor it collects while monitoring the collections of active Unix file descriptors for activity, leading to a buffer overflow issue.
“We don’t know if this was remotely exploitable, but it could at least be remotely triggered by a
- Reusing Cryptographic Random Numbers — This issue resides in PuTTY's cryptographic random number generator, which occasionally uses the same batch of random bytes twice.
- Integer Overflow Flaw — All prior versions of PuTTY suffer from an integer overflow due to a missing key-size check in RSA key exchange.
- Terminal DoS Attacks (three issues) — The last three vulnerabilities in PuTTY allow a server to crash or slow down the client's terminal by sending different text outputs.
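The Unix buffer overflow item above is an instance of a descriptor number being used as an index into a fixed-size set without a range check. The following is an added example, not PuTTY's code or its fix: a bounds-checked way to collect descriptors before monitoring them, assuming the monitoring is done with `select()` and an `fd_set` (the post does not name the API); `fdset_add_checked` and `build_read_set` are hypothetical names.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not a PuTTY function): add fd to the set only if it
 * fits. An fd_set is a fixed bitmap of FD_SETSIZE bits, so FD_SET() with a
 * descriptor >= FD_SETSIZE (or negative) writes outside the structure. */
static int fdset_add_checked(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;              /* refuse instead of corrupting memory */
    FD_SET(fd, set);
    if (fd > *maxfd)
        *maxfd = fd;
    return 0;
}

/* Build the read set for select() from a list of descriptor numbers.
 * Returns how many descriptors were rejected as out of range, so the
 * caller can close them or refuse the forwarding that produced them. */
static int build_read_set(const int *fds, int n, fd_set *set, int *maxfd)
{
    int rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (int i = 0; i < n; i++) {
        if (fdset_add_checked(fds[i], set, maxfd) != 0)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed descriptor numbers: three valid, three out of range,
     * as could happen once many forwardings have been opened. */
    int fds[] = { 0, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 40, -1 };
    fd_set readable;
    int maxfd;

    int rejected = build_read_set(fds, 6, &readable, &maxfd);
    printf("rejected=%d maxfd=%d (FD_SETSIZE=%d)\n",
           rejected, maxfd, FD_SETSIZE);
    return 0;
}
```

Code that must handle more than `FD_SETSIZE` descriptors would normally move to `poll()`, which takes an array sized by the caller rather than a fixed bitmap.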
Update to 0.71 as soon as possible. The PuTTY development team seem pretty serious about this one – https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.70.html