
SANS ISC InfoSec Handlers Diary Blog



Silly PuTTY; crime pays; if it quacks like a duck get the orange sauce.

Published: 2005-02-21
Last Updated: 2005-02-22 14:46:19 UTC
by donald smith (Version: 1)

It is time to patch/upgrade your PuTTY client again.


http://secunia.com/advisories/14333/
Two vulnerabilities have been reported in PuTTY, which can be exploited by malicious people to compromise a user's system.
Get your updates here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html




UPDATED: It's not the ssh client itself that has the issue.
It is the psftp and pscp portions of PuTTY.
From the original notification:

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
Many versions of PSFTP and PSCP prior to 0.57 have a heap corruption vulnerability in their treatment of the response to the FXP_READDIR command (enumerate entries in a directory) in the SSH File Transfer Protocol (SFTP).

In order for this vulnerability to be exploited, the user must connect to a malicious server and issue an ls or dir command to PSFTP, or supply the -ls command-line option to PSCP.
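The reply PSFTP parses here is the SSH_FXP_NAME packet (SFTP draft version 3: request id, entry count, then filename/longname/attrs triples). The following is an added example, not PuTTY's code: a parser that checks every count and string length against the bytes actually received, the kind of validation a directory listing from an untrusted server must pass before any buffer is sized or filled. The MAX_ENTRIES cap and the sample packets are constructed for this example.

```python
import struct

SSH_FXP_NAME = 104                    # reply type to SSH_FXP_READDIR
ATTR_SIZE, ATTR_UIDGID, ATTR_PERMS, ATTR_ACMODTIME, ATTR_EXTENDED = 0x1, 0x2, 0x4, 0x8, 0x80000000
MAX_ENTRIES = 10_000                  # sanity cap chosen for this example

class MalformedPacket(ValueError):
    pass

class Reader:                         # cursor over packet bytes; every read is bounds-checked
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        # The server controls n; reject it before it ever becomes a copy length.
        if self.pos + n > len(self.data):
            raise MalformedPacket(f"need {n} bytes at offset {self.pos}, have {len(self.data) - self.pos}")
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        return chunk
    def u32(self):
        return struct.unpack(">I", self.take(4))[0]
    def string(self):                 # SFTP string: uint32 length + bytes
        return self.take(self.u32())

def parse_fxp_name(payload):          # returns (request id, [filenames]) or raises MalformedPacket
    r = Reader(payload)
    if r.take(1)[0] != SSH_FXP_NAME:
        raise MalformedPacket("not an SSH_FXP_NAME packet")
    req_id, count = r.u32(), r.u32()
    if count > MAX_ENTRIES:           # never size a buffer from a raw count
        raise MalformedPacket(f"entry count {count} exceeds cap")
    names = []
    for _ in range(count):
        names.append(r.string().decode("utf-8", "replace"))
        r.string()                    # longname (ls -l style text), ignored here
        flags = r.u32()               # ATTRS block, SFTP version-3 layout
        for bit, width in ((ATTR_SIZE, 8), (ATTR_UIDGID, 8), (ATTR_PERMS, 4), (ATTR_ACMODTIME, 8)):
            if flags & bit:
                r.take(width)
        if flags & ATTR_EXTENDED:
            for _ in range(r.u32()):
                r.string(); r.string()  # extended type/data pairs
    if r.pos != len(payload):
        raise MalformedPacket("trailing bytes after last entry")
    return req_id, names

def fxp_string(b):                    # builds a length-prefixed SFTP string
    return struct.pack(">I", len(b)) + b

# Constructed samples: a well-formed one-entry reply, and one whose filename length claims ~2 GB.
GOOD = (bytes([SSH_FXP_NAME]) + struct.pack(">II", 7, 1) + fxp_string(b"notes.txt")
        + fxp_string(b"-rw-r--r-- notes.txt") + struct.pack(">IQ", ATTR_SIZE, 1234))
BAD = bytes([SSH_FXP_NAME]) + struct.pack(">II", 8, 1) + struct.pack(">I", 0x7FFFFFFF) + b"x"
```

Feeding BAD to parse_fxp_name raises MalformedPacket at the first string read instead of trusting the 2 GB length.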

Crime pays at least for a while.



According to http://www.crime-research.org/news/16.02.2005/965/ members of the Gambino crime family, reputed to be part of the New York Mob, have been charged with stealing over $650 million using phone and internet fraud.

We have received reports of issues with some ad removal software.


In general we don't endorse products. But occasionally we will
recommend a package we have used. If you find a package that is
suspect feel free to send us an email. If you go to a site and get
popups for anti-virus, firewall, ad removal software you should suspect
any security company that uses popups or spam to advertise their security product.
Not all of them are bad but you may not want to do business with companies
that use spam, spim, or popups to advertise their security products.

US government agency security report card


http://www.iwar.org.uk/news-archive/2005/02-16-5.htm

It's getting better but there is still plenty of room for improvement.


This diary and the opinions expressed here are my opinion.


I have been wrong in the past and plan to be again in the future.
Donald.Smith:)