Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: putty security update
Information
Name: DSA-2736
First vendor publication: 2013-08-11
Vendor: Debian
Last vendor modification: 2013-08-11
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
CVSS impact score: 6.4
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-4206

Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. As the modmul function is called during validation of any DSA signature received by PuTTY, including during the initial key exchange phase, a malicious server could exploit this vulnerability before the client has received and verified a host key signature. An attack on this vulnerability can thus be performed by a man-in-the-middle between the SSH client and server, and the normal host key protections against man-in-the-middle attacks are bypassed.

CVE-2013-4207

It was discovered that non-coprime values in DSA signatures can cause a buffer overflow in the calculation code of modular inverses when verifying a DSA signature. Such a signature is invalid. This bug, however, applies to any DSA signature received by PuTTY, including during the initial key exchange phase, and thus it can be exploited by a malicious server before the client has received and verified a host key signature.
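The defensive pattern for this class of bug, as an added example that is not PuTTY's code: range-check the signature values and make the modular inverse report failure instead of assuming an inverse exists. The function names and the toy 64-bit operands are assumptions for illustration; the example also assumes the group order q is taken from the server-supplied key and therefore cannot be trusted to be prime.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy extended Euclid (operands below 2^31 so the signed math cannot overflow).
 * Returns 1 and stores a^-1 mod n in *inv; returns 0 when no inverse exists. */
static int modinv_checked(uint64_t a, uint64_t n, uint64_t *inv)
{
    if (n < 2 || n >= (1ULL << 31))
        return 0;
    int64_t t = 0, new_t = 1;
    uint64_t r = n, new_r = a % n;
    while (new_r != 0) {
        uint64_t quot = r / new_r;
        int64_t tmp_t = t - (int64_t)quot * new_t;
        uint64_t tmp_r = r - quot * new_r;
        t = new_t;  new_t = tmp_t;
        r = new_r;  new_r = tmp_r;
    }
    if (r != 1)               /* gcd(a, n) != 1: a is not invertible mod n */
        return 0;
    *inv = (uint64_t)(t < 0 ? t + (int64_t)n : t);
    return 1;
}

/* Pre-checks before any DSA verification arithmetic (hypothetical helper).
 * q is assumed to come from the server's key, so it may not be prime. */
static int dsa_sig_precheck(uint64_t r, uint64_t s, uint64_t q, uint64_t *w)
{
    if (r == 0 || r >= q || s == 0 || s >= q)
        return 0;             /* out of range: reject as invalid */
    return modinv_checked(s, q, w);   /* w = s^-1 mod q, or reject */
}

int main(void)
{
    uint64_t w = 0;
    /* Constructed toy values, not real DSA parameters. */
    printf("q=11 s=3  -> %d\n", dsa_sig_precheck(5, 3, 11, &w));
    printf("q=11 s=0  -> %d\n", dsa_sig_precheck(5, 0, 11, &w));
    printf("q=12 s=4  -> %d\n", dsa_sig_precheck(5, 4, 12, &w));
    return 0;
}
```

With a composite q the range check alone passes s=4, q=12; only the gcd test inside the inverse rejects it.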

CVE-2013-4208

It was discovered that private keys were left in memory after being used by PuTTY tools.

CVE-2013-4852

Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication due to improper bounds checking of the length parameter received from the SSH server. A remote attacker could use this vulnerability to mount a local denial of service attack by crashing the putty client.
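How a length field from the peer should be bounds-checked, as an added example that is not PuTTY's code: a wrapping check is shown beside a form that compares the declared length against the bytes remaining. The function names and the sample packet are constructed for illustration; the layout assumed is the SSH string encoding (a 32-bit big-endian length followed by that many bytes).

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern (illustrative, not PuTTY's code): off + len wraps mod 2^32. */
static int flawed_fits(uint32_t off, uint32_t len, uint32_t size)
{
    return (uint32_t)(off + len) <= size;
}

/* Hardened form: compare against the bytes remaining; nothing can wrap. */
static int safe_fits(uint32_t off, uint32_t len, uint32_t size)
{
    return off <= size && len <= size - off;
}

/* Read one SSH string (uint32 big-endian length, then that many bytes).
 * Returns 1 and advances *off on success; returns 0 and leaves *off alone
 * when the declared length does not fit in the packet. */
static int ssh_get_string(const uint8_t *pkt, uint32_t size, uint32_t *off,
                          const uint8_t **data, uint32_t *len)
{
    if (!safe_fits(*off, 4, size))
        return 0;
    const uint8_t *p = pkt + *off;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (!safe_fits(*off + 4, n, size))
        return 0;
    *data = p + 4;
    *len = n;
    *off += 4 + n;
    return 1;
}

/* Constructed sample: a valid 3-byte string, then a length of 0xFFFFFFFF. */
static const uint8_t sample_pkt[] = { 0, 0, 0, 3, 'a', 'b', 'c',
                                      0xFF, 0xFF, 0xFF, 0xFF, 'x' };

int main(void)
{
    const uint8_t *d; uint32_t n, off = 0;
    while (ssh_get_string(sample_pkt, sizeof sample_pkt, &off, &d, &n))
        printf("string of %u bytes\n", (unsigned)n);
    printf("stopped at offset %u\n", (unsigned)off);
    printf("flawed check accepts 0xFFFFFFFF at offset 11: %d\n",
           flawed_fits(11, 0xFFFFFFFFu, sizeof sample_pkt));
    return 0;
}
```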

Additionally this update backports some general proactive potentially security-relevant tightening from upstream.

For the oldstable distribution (squeeze), these problems have been fixed in version 0.60+2010-02-20-1+squeeze2. This update also provides a fix for CVE-2011-4607, which was fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in version 0.62-9+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 0.63-1.

We recommend that you upgrade your putty packages.

Original Source

Url : http://www.debian.org/security/2013/dsa-2736

CWE : Common Weakness Enumeration

% Id Name
60 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-200 Information Exposure
20 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18299
Title: DSA-2736-1 putty - several
Description: Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client for X.
Family: unix
Class: patch
Reference(s): DSA-2736-1, CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852, CVE-2011-4607
Version: 8
Platform(s): Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
Product(s): putty
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 22
Application 45
Os 3
Os 1

OpenVAS Exploits

Date Description
0000-00-00 Name : FreeBSD Ports: putty
File : nvt/freebsd_putty1.nasl

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-655.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-650.nasl - Type : ACT_GATHER_INFO
2014-02-07 Name : The remote Windows host has an application installed that is affected by mult...
File : winscp_5_1_7.nasl - Type : ACT_GATHER_INFO
2014-02-07 Name : The remote Windows host has an application installed that is affected by an i...
File : winscp_5_1_6.nasl - Type : ACT_GATHER_INFO
2013-09-30 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14794.nasl - Type : ACT_GATHER_INFO
2013-09-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-08.nasl - Type : ACT_GATHER_INFO
2013-08-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201308-01.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14656.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14676.nasl - Type : ACT_GATHER_INFO
2013-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14706.nasl - Type : ACT_GATHER_INFO
2013-08-13 Name : The remote Windows host has an application that is affected by multiple vulne...
File : filezilla_373.nasl - Type : ACT_GATHER_INFO
2013-08-13 Name : The remote Windows host has an SSH client that is affected by multiple vulner...
File : putty_063.nasl - Type : ACT_GATHER_INFO
2013-08-13 Name : The remote Windows host has an application that is affected by a remote integ...
File : filezilla_372.nasl - Type : ACT_GATHER_INFO
2013-08-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2736.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4b448a96ff7311e2b28d080027ef73ec.nasl - Type : ACT_GATHER_INFO
2011-12-21 Name : The remote Windows host has an SSH client that is affected by an information ...
File : putty_062.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_bbd5f48624f111e195bc080027ef73ec.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:32:05
  • Multiple Updates
2013-08-23 21:22:06
  • Multiple Updates
2013-08-21 00:21:51
  • Multiple Updates
2013-08-20 17:25:51
  • Multiple Updates
2013-08-12 00:20:24
  • First insertion