Multiple vulnerabilities in PuTTY
Published: 2013-08-20 | Updated: 2022-10-31
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 4
CVE-ID: CVE-2011-4607, CVE-2013-4206, CVE-2013-4207, CVE-2013-4208
CWE-ID: CWE-119, CWE-369, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
PuTTY (Client/Desktop applications / Software for system administration)

Vendor: Simon Tatham

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU42632

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-4607

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PuTTY: 0.59 - 0.61

External links

http://seclists.org/oss-sec/2011/q4/499
http://seclists.org/oss-sec/2011/q4/500
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU42655

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4206

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PuTTY: 0.45 - 0.61

External links

http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
http://secunia.com/advisories/54379
http://secunia.com/advisories/54533
http://svn.tartarus.org/sgt/putty/sshbn.c?sortby=date&r1=9977&r2=9976&pathrev=9977
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
http://www.debian.org/security/2013/dsa-2736
http://www.openwall.com/lists/oss-security/2013/08/06/11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Division by zero

EUVDB-ID: #VU42656

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4207

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within . A remote attacker can pass specially crafted data to the application and crash it.
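Entries 2 and 3 both describe bignum arithmetic that trips over server-supplied input: a crafted DSA signature reaching modular multiplication, and a division whose divisor can be zero. The following C program is an added illustration written for this page, not PuTTY's code and not a reproduction of either bug; it shows the two defensive checks a client should make before any arithmetic on untrusted values: strict length-prefix bounds checking while parsing an SSH-style blob, and an explicit zero-modulus rejection instead of letting the divide happen. The blob layout, the field names `r` and `s`, and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for this example: each value is a big-endian uint32
   length followed by that many bytes (the shape of an SSH "string"). */

/* Read one length-prefixed field with strict bounds checks.
   Returns 1 and sets *out/*out_len on success, 0 on any inconsistency
   (truncated header, length past end of buffer, or length above max_len). */
int read_string(const unsigned char *buf, size_t buf_len, size_t *pos,
                const unsigned char **out, size_t *out_len, size_t max_len)
{
    if (*pos > buf_len || buf_len - *pos < 4)
        return 0;
    uint32_t n = ((uint32_t)buf[*pos] << 24) | ((uint32_t)buf[*pos + 1] << 16) |
                 ((uint32_t)buf[*pos + 2] << 8) | (uint32_t)buf[*pos + 3];
    *pos += 4;
    /* Compare against the remaining bytes, never against buf_len alone:
       a huge n would otherwise wrap a pos + n computation. */
    if (n > max_len || buf_len - *pos < n)
        return 0;
    *out = buf + *pos;
    *out_len = n;
    *pos += n;
    return 1;
}

/* Reduce a big-endian byte string modulo a small modulus, refusing a zero
   modulus up front instead of dividing. Returns 0 on reject, 1 on success. */
int reduce_mod(const unsigned char *v, size_t len, uint32_t m, uint32_t *out)
{
    if (m == 0)            /* the divide-by-zero guard */
        return 0;
    uint64_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc = ((acc << 8) | v[i]) % m;   /* acc < m < 2^32, so no overflow */
    *out = (uint32_t)acc;
    return 1;
}

/* Parse a constructed two-field signature (r, s) and check both fields fit
   the expected size before any arithmetic. Returns 1 if accepted, 0 if not. */
int check_signature_blob(const unsigned char *blob, size_t blob_len, size_t max_field)
{
    size_t pos = 0;
    const unsigned char *r, *s;
    size_t rl, sl;
    if (!read_string(blob, blob_len, &pos, &r, &rl, max_field))
        return 0;
    if (!read_string(blob, blob_len, &pos, &s, &sl, max_field))
        return 0;
    if (pos != blob_len)   /* trailing bytes are rejected, not ignored */
        return 0;
    if (rl == 0 || sl == 0)
        return 0;
    return 1;
}

/* Constructed samples: a well-formed blob and one whose first length claims
   more bytes than the buffer holds. */
const unsigned char good_blob[] = { 0, 0, 0, 2, 0x01, 0x02, 0, 0, 0, 1, 0x03 };
const unsigned char bad_blob[]  = { 0, 0, 0, 9, 0x01, 0x02, 0, 0, 0, 1, 0x03 };

/* Reduce the constructed value 0x0100 (256) modulo m; -1 means rejected. */
long reduce_sample(uint32_t m)
{
    static const unsigned char v[] = { 0x01, 0x00 };
    uint32_t out;
    if (!reduce_mod(v, sizeof v, m, &out))
        return -1;
    return (long)out;
}
```

The point of `read_string` is that every comparison is made against the bytes remaining, so a length field chosen by the peer can never move the cursor past the end of the buffer; `reduce_mod` shows the same idea for the divisor, which is validated before it is used rather than trusted because it came from a signature.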

Mitigation

Install update from vendor's website.

Vulnerable software versions

PuTTY: 0.45 - 0.61

External links

http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
http://secunia.com/advisories/54379
http://secunia.com/advisories/54533
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
http://www.debian.org/security/2013/dsa-2736
http://www.openwall.com/lists/oss-security/2013/08/06/11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU42657

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4208

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
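Entries 1 and 4 share one root cause: secret material (a typed password, an RSA or DSA private key) is left in process memory after use, either because it is never overwritten or because the structure holding it is never wiped and freed. The following C program is an added example written for this page, not PuTTY's code; it shows the usual defensive pattern, a wipe the compiler cannot optimise away, applied to a stack buffer and to a heap-allocated holder that is wiped before it is freed. The `secret_buf` type and the sample password and key bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a key or password (constructed for this example). */
typedef struct {
    unsigned char *secret;
    size_t len;
} secret_buf;

/* A plain memset() on a buffer that is dead afterwards (about to go out of
   scope or be freed) may be removed by the optimiser as a dead store. Calling
   through a volatile function pointer forces the store to happen. Where the
   platform offers explicit_bzero() or memset_s(), those serve the same purpose. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    if (p != NULL && n != 0)
        memset_ptr(p, 0, n);
}

/* Returns 1 if all n bytes are zero, 0 otherwise. */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Allocate a holder and copy the secret into it. */
secret_buf *secret_new(const unsigned char *src, size_t len)
{
    secret_buf *s = malloc(sizeof *s);
    if (s == NULL)
        return NULL;
    s->secret = malloc(len);
    if (s->secret == NULL) {
        free(s);
        return NULL;
    }
    memcpy(s->secret, src, len);
    s->len = len;
    return s;
}

/* Wipe, then free: both the key bytes and the struct that pointed at them,
   so neither survives in the freed heap chunk. */
void secret_free(secret_buf *s)
{
    if (s == NULL)
        return;
    secure_wipe(s->secret, s->len);
    free(s->secret);
    secure_wipe(s, sizeof *s);
    free(s);
}

/* Keyboard-interactive style flow: a reply is held on the stack, used, then
   wiped before the function returns. Returns 1 if no residue remains. */
int stack_reply_roundtrip(void)
{
    unsigned char reply[16];
    memcpy(reply, "example-pw-only", 16);   /* constructed sample password */
    /* ... the reply would be sent to the server here ... */
    secure_wipe(reply, sizeof reply);
    return all_zero(reply, sizeof reply);
}

/* Private-key style flow: the key lives on the heap, is used, then wiped and
   freed. Returns 1 if the bytes were present before the wipe and gone after. */
int heap_secret_roundtrip(void)
{
    static const unsigned char sample[] = "example-private-exponent"; /* constructed */
    secret_buf *s = secret_new(sample, sizeof sample);
    if (s == NULL)
        return 0;
    /* ... a signature would be verified with the key here ... */
    int before = all_zero(s->secret, s->len);   /* 0: the secret is present */
    secure_wipe(s->secret, s->len);
    int after = all_zero(s->secret, s->len);    /* 1: wiped */
    secret_free(s);                             /* wipes again, then frees */
    return !before && after;
}
```

The ordering inside `secret_free` is the part that maps to entry 4: freeing without wiping first leaves the key bytes readable in the allocator's free list until that chunk is reused, and leaking the structure instead of freeing it keeps them resident for the life of the process.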

Mitigation

Install update from vendor's website.

Vulnerable software versions

PuTTY: 0.45 - 0.61

External links

http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
http://secunia.com/advisories/54379
http://secunia.com/advisories/54533
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
http://www.debian.org/security/2013/dsa-2736
http://www.openwall.com/lists/oss-security/2013/08/06/11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
