
Critical key exchange vulnerability in PuTTY

PuTTY, the SSH client, has been updated with various security patches, and its main maintainers recently acknowledged that a critical vulnerability was corrected, report online ethical hacking training experts from the International Institute of Cyber Security.

The fixes PuTTY received recently include patches for multiple vulnerabilities in the Telnet and SSH client; according to the online ethical hacking training experts, most of the vulnerabilities were discovered thanks to the vulnerability bounty program sponsored by the European Union.

PuTTY version 0.71 includes corrections for:

  • Remotely executable memory overwrite
  • A possible recycling of random numbers used in cryptography
  • Hijacking through malicious files on Windows
  • Remotely executable buffer overflow on Unix
  • Possibility of generating denial of service conditions

According to the online ethical hacking training experts, the main maintainers of PuTTY believe that, among the vulnerabilities reported in the EU bounty program, the most serious is vuln-dss-verify; “Through a Man-in-the-Middle (MiTM) attack, the EDL host SSH keys could be omitted completely”, the PuTTY maintenance managers mentioned.

Fortunately, this vulnerability never appeared in a released version of PuTTY; it was introduced when the code was rewritten for side-channel security, so it existed only in the code before the release of version 0.71.

Another of the flaws detected is that PuTTY does not enforce a minimum length during the RSA key exchange, which leads to an integer overflow. “This could be exploited by a server whose host key is not authenticated”.
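The failure mode behind that flaw is a size computation driven by a length the remote side chooses. The following C example is added here for illustration and is not PuTTY's own code: it shows the weak pattern (unsigned subtraction on a server-supplied key length with no minimum check, which wraps around) beside a hardened version that validates the length first. The hash length, the OAEP overhead of 2*HLEN + 2 bytes from PKCS#1, and the policy minimum of 1024 bits are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for the illustration (not PuTTY's constants):
 * HLEN is the hash output size used by the OAEP padding, here 32 bytes (SHA-256).
 * OAEP needs at least 2*HLEN + 2 bytes of padding overhead (PKCS#1 v2).
 * MIN_KEY_BITS is a hypothetical policy floor for the server's transient RSA key. */
#define HLEN 32
#define OAEP_OVERHEAD (2 * HLEN + 2)
#define MIN_KEY_BITS 1024

/* Weak pattern: derive a buffer size from the server-supplied key length
 * without any minimum check. For a key shorter than the padding overhead the
 * unsigned subtraction wraps around to a huge value, and any buffer sized or
 * indexed from that value is mishandled. */
size_t unchecked_payload_len(size_t key_bits)
{
    size_t key_bytes = (key_bits + 7) / 8;
    return key_bytes - OAEP_OVERHEAD; /* wraps when key_bytes < OAEP_OVERHEAD */
}

/* Hardened pattern: reject an undersized key before doing any size
 * arithmetic. Returns the usable payload length in bytes, or 0 if the key
 * is rejected (0 is never a valid payload length, so it is a safe sentinel). */
size_t checked_payload_len(size_t key_bits)
{
    if (key_bits < MIN_KEY_BITS)
        return 0;                       /* below the policy floor */
    size_t key_bytes = (key_bits + 7) / 8;
    if (key_bytes <= OAEP_OVERHEAD)
        return 0;                       /* defensive: no room for any payload */
    return key_bytes - OAEP_OVERHEAD;
}

int main(void)
{
    /* Constructed inputs: a 64-bit key an untrusted server might advertise,
     * and an ordinary 2048-bit key. */
    size_t tiny = 64, normal = 2048;
    printf("unchecked, 64-bit key : %zu bytes (wrapped)\n", unchecked_payload_len(tiny));
    printf("checked,   64-bit key : %zu (rejected)\n", checked_payload_len(tiny));
    printf("checked, 2048-bit key : %zu bytes\n", checked_payload_len(normal));
    return 0;
}
```

The point of the hardened version is ordering: the length is validated against a floor before it feeds any arithmetic, so a server that has not yet proven its host key cannot steer the client into an out-of-range buffer size.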

Finally, version 0.71 also corrected a vulnerability involving the injection of a malicious help file into PuTTY's root directory, although the maintainers noted that users of the Windows .msi installer are not affected by this flaw.

This research project was sponsored by the EU Directorate-General for Informatics, which granted more than $17.5k USD in rewards.
