PuTTY: Pre-authentication buffer overflow.

Posted on Friday, October 29, 2004 @ 03:49:11 EDT by meshal

PuTTY 0.56, released today, fixes a serious security hole which can allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.56 as soon as possible. compelet story

Topic: story
Associated Topicsstory