svn commit: r507000 - head/security/vuxml

Matthias Andree mandree at FreeBSD.org
Sat Jul 20 16:13:26 UTC 2019 

Author: mandree
Date: Sat Jul 20 16:13:25 2019
New Revision: 507000
URL: https://svnweb.freebsd.org/changeset/ports/507000

Log:
  Document PuTTY < 0.72 vulnerabilities.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Jul 20 16:12:02 2019	(r506999)
+++ head/security/vuxml/vuln.xml	Sat Jul 20 16:13:25 2019	(r507000)
@@ -58,6 +58,56 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="5914705c-ab03-11e9-a4f9-080027ac955c">
+    <topic>PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client</topic>
+    <affects>
+      <package>
+	<name>putty</name> <range><lt>0.72</lt></range>
+	</package><package>
+	<name>putty-gtk2</name> <range><lt>0.72</lt></range>
+	</package><package>
+	<name>putty-nogtk</name> <range><lt>0.72</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Simon Tatham reports:</p>
+	<blockquote cite="https://lists.tartarus.org/pipermail/putty-announce/2019/000028.html">
+	  <p>Vulnerabilities fixed in this release include:</p>
+	  <ul>
+	    <li>A malicious SSH-1 server could trigger a buffer overrun by sending
+	      extremely short RSA keys, or certain bad packet length fields.
+	      Either of these could happen before host key verification, so even
+	      if you trust the server you *intended* to connect to, you would
+	      still be at risk.
+	    <br/>
+	      (However, the SSH-1 protocol is obsolete, and recent versions of
+	      PuTTY do not try it by default, so you are only at risk if you work
+	      with old servers and have explicitly configured SSH-1.)</li>
+	    <li>If a malicious process found a way to impersonate Pageant, then it
+	      could cause an integer overflow in any of the SSH client tools
+	      (PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.</li>
+	  </ul>
+	  <p>Other security-related bug fixes include:</p>
+	  <ul>
+	    <li>The 'trust sigil' system introduced in PuTTY 0.71 to protect
+	      against server spoofing attacks had multiple bugs. Trust sigils
+	      were not turned off after login in the SSH-1 and Rlogin protocols,
+	      and not turned back on if you used the Restart Session command.
+	      Both are now fixed.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.tartarus.org/pipermail/putty-announce/2019/000028.html</url>
+    </references>
+    <dates>
+      <discovery>2019-07-14</discovery>
+      <entry>2019-07-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="df3db21d-1a4d-4c78-acf7-4639e5a795e0">
     <topic>jenkins -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-all mailing list