
[Full-Disclosure] Re: [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution



Sune Kloppenborg Jeppesen wrote:
<snip>
Description
===========

PuTTY contains a vulnerability allowing a malicious server to execute
arbitrary code on the connecting client before host key verification.

Impact
======

When connecting to a server using the SSH2 protocol an attacker is able
to execute arbitrary code with the permissions of the user running
PuTTY by sending specially crafted packets to the client during the
authentication process but before host key verification.

<snip>


does this mean that everyone on the network can execute arbitrary code on the victim's machine by simply doing a man-in-the-middle attack?

what other security issues are attached to this? is it only a vulnerability if the server you're on is not trusted? (in that case, you shouldn't even trust the ssh daemon and you shouldn't be there :))

--
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers@xxxxxxxxxxxxxxxxx -=- http://harry.ulyssis.org

"\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20"
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66"
"\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63"
"\x6c\x65\x0a\x00"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html