Skip navigation
Menu
Security

Arbitrary Code Execution in PuTTY for Windows

Reported October 28, 2004, by  iDEFENSE

VERSIONS AFFECTED

  • PuTTY 0.55 and earlier

DESCRIPTION
A vulnerability in the Telnet/Secure Shell (SSH) program PuTTY could result in the remote execution of arbitrary code on the vulnerable system. This vulnerability is a result of insufficient bounds checking on SSH2_MSG_DEBUG packets. The stringlen parameter obtains a user-supplied value by reading in an integer from an offset in the packet data. Signedness problems cause the stringlen value to be incorrectly checked.

VENDOR RESPONSE
The author, Simon Tatham, has released PuTTY 0.56 to address this vulnerability.

CREDIT
Discovered by iDEFENSE.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
1200x1555.png
Sponsor Content
Network Slicing Guarantees the QoS of Multi-Service Over a Single Network
Nov 27, 2023
Woman holding tablet
Sponsor Content
IT Leaders Tackle New Priorities: Security, AI, and CX
Oct 23, 2023
2024 trends and magnifying glass on pad of paper
Gartner Predicts Top 10 Strategic Technology Trends for 2024
Oct 16, 2023
wood blocks shaped like a lock and a group of people
ITPro Today's 2023 Cybersecurity Survey Report
Oct 16, 2023