Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 59383 - net-misc/putty: server can execute arbitrary code on connecting putty clients
Summary: net-misc/putty: server can execute arbitrary code on connecting putty clients
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2004-08-04 04:53 UTC by Carsten Lohrke (RETIRED)
Modified: 2011-10-30 22:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2004-08-04 04:53:52 UTC
PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-08-04 08:08:59 UTC
Travis : please bump putty to version 0.55
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2004-08-04 09:20:15 UTC
bumped as requested, old ebuilds removed.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-08-04 10:20:10 UTC
Ready for a GLSA
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-05 02:03:45 UTC
GLSA drafted : security please review.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-05 05:12:56 UTC