SB2013082002 - Multiple vulnerabilities in PuTTY
Published: August 20, 2013 Updated: October 31, 2022
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2011-4607)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
2) Buffer overflow (CVE-ID: CVE-2013-4206)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.
3) Division by zero (CVE-ID: CVE-2013-4207)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within . A remote attacker can pass specially crafted data to the application and crash it.
4) Information disclosure (CVE-ID: CVE-2013-4208)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
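Vulnerabilities 1 and 4 both leave secrets (typed passwords, private key material) readable in process memory after use. The C example below is added for illustration and is not PuTTY's code: it shows the wipe-before-free pattern that closes this class of bug, and the names secret_buf, wipe, all_zero, secret_new and secret_free are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for secret bytes (not a PuTTY structure). */
struct secret_buf { size_t len; unsigned char *data; };

/* Zero n bytes through a volatile pointer so the stores are not removed as
 * dead code, as can happen to a plain memset() placed just before free(). */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte in [p, p+n) is zero, 0 otherwise. */
static int all_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}

/* Copy a secret into its own heap allocation; returns NULL on failure. */
static struct secret_buf *secret_new(const void *src, size_t len)
{
    struct secret_buf *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->data = malloc(len ? len : 1);
    if (!s->data) { free(s); return NULL; }
    memcpy(s->data, src, len);
    s->len = len;
    return s;
}

/* Wipe the payload, free it, then wipe and free the header as well, so that
 * neither the secret nor its length is left behind in freed heap memory. */
static void secret_free(struct secret_buf *s)
{
    if (!s) return;
    wipe(s->data, s->len);
    free(s->data);
    wipe(s, sizeof *s);
    free(s);
}

int main(void)
{
    struct secret_buf *s = secret_new("constructed-secret", 18); /* constructed sample */
    if (!s) return 1;
    secret_free(s);
    return 0;
}
```

The same wipe() call applies to stack buffers that hold a typed reply: clear them on every exit path of the function, including error returns.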
Remediation
Install update from vendor's website.
References
- http://seclists.org/oss-sec/2011/q4/499
- http://seclists.org/oss-sec/2011/q4/500
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
- http://secunia.com/advisories/54379
- http://secunia.com/advisories/54533
- http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
- http://www.debian.org/security/2013/dsa-2736
- http://www.openwall.com/lists/oss-security/2013/08/06/11
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html