Debian DSA-2736-1: Medium Risk From PuTTY Buffer Overflow Exploits
debian
August 11, 2013
Several vulnerabilities where discovered in PuTTY, a Telnet/SSH client for X
Topics Covered
Summary
CVE-2013-4206
Mark Wooding discovered a heap-corrupting buffer underrun bug in the
modmul function which performs modular multiplication. As the modmul
function is called during validation of any DSA signature received
by PuTTY, including during the initial key exchange phase, a
malicious server could exploit this vulnerability before the client
has received and verified a host key signature. An attack to this
vulnerability can thus be performed by a man-in-the-middle between
the SSH client and server, and the normal host key protections
against man-in-the-middle attacks are bypassed.
CVE-2013-4207
It was discovered that non-coprime values in DSA signatures can
cause a buffer overflow in the calculation code of modular inverses
when verifying a DSA signature. Such a signature is invalid. This
bug however applies to any DSA signature received by PuTTY,
including during the initial key exchange phase and thus it can be
exploited by a malicio...
PREVIOUS
NEXT
Severity
medium
Lowest
Low
Medium
High
Critical
Package: putty
CVE ID: CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!