Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
PuTTY 0.53 and earlier are vulnerable to the attack described in CERT advisory CA-2002-36 "Multiple Vulnerabilities in SSH Implementations" (also VU#389665). This vulnerability is believed to be fixed in 0.53b (released Nov 12, 2002).
Certain well-chosen malformed or unusual packets can lead to remote code execution attacks. See the Rapid7 advisory and their SSHredder test suite for details.
I-Proyectos has released a proof-of-concept exploit to BugTraq.
CVE have assigned the following candidate IDs to the vulnerabilities tested for by SSHredder:
(I haven't checked which of these PuTTY was actually vulnerable to).