Reported October 28, 2004, by iDEFENSE
A vulnerability in the Telnet/Secure Shell (SSH) program PuTTY could result in the remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of insufficient bounds checking on SSH2_MSG_DEBUG packets. The stringlen parameter obtains a user-supplied value by reading in an integer from an offset in the packet data. Signedness problems cause the stringlen value to be incorrectly checked.
The author, Simon Tatham, has released PuTTY 0.56 to address this vulnerability.
Discovered by iDEFENSE.