Reported October 28, 2004,
by iDEFENSE
VERSIONS AFFECTED
DESCRIPTION
A vulnerability in the Telnet/Secure Shell (SSH) program PuTTY could
result in the remote execution of arbitrary code on the vulnerable system. This
vulnerability is a result of insufficient bounds checking on SSH2_MSG_DEBUG
packets. The stringlen parameter obtains a user-supplied value by reading in an
integer from an offset in the packet data. Signedness problems cause the stringlen
value to be incorrectly checked.
VENDOR RESPONSE
The author, Simon Tatham, has released PuTTY 0.56
to address this vulnerability.
CREDIT
Discovered by iDEFENSE.