Reported October 28, 2004, by  iDEFENSE

VERSIONS AFFECTED

  • PuTTY 0.55 and earlier

DESCRIPTION
A vulnerability in the Telnet/Secure Shell (SSH) program PuTTY could result in the remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of insufficient bounds checking on SSH2_MSG_DEBUG packets. The stringlen parameter obtains a user-supplied value by reading in an integer from an offset in the packet data. Signedness problems cause the stringlen value to be incorrectly checked.

VENDOR RESPONSE
The author, Simon Tatham, has released PuTTY 0.56 to address this vulnerability.

CREDIT
Discovered by iDEFENSE.