Kuwait Linux User Group

PuTTY: Pre-authentication buffer overflow.
Date: Friday, October 29, 2004 @ 03:49:11 EDT
Topic: story



PuTTY 0.56, released today, fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.56 as soon as possible.

compelet story





This article comes from Kuwait Linux User Group
http://www.q8linux.net

The URL for this story is:
http://www.q8linux.net/modules.php?name=News&file=article&sid=118