Download: Stable · Pre-release · Snapshot | Docs | Changes | Wishlist
Many versions of PuTTY prior to 0.56 have a memory corruption vulnerability in their treatment of received debug messages in SSH protocol version 2 (SSH2_MSG_DEBUG).
This message is handled in
ssh2_rdpkt(). A string length
is read from the SSH packet and clipped to the length of a buffer.
However, the string length is stored as a signed integer, and there is
no protection against its being large enough to be stored as a
negative number. This will bypass the length checking and appear as a
large positive number once again to the subsequent
memcpy(), causing a memory overflow. Code execution has
been demonstrated as a result of this overflow.
This bug is EXTREMELY SEVERE. PuTTY can process debug messages at any time in the protocol, including during the initial key exchange phase. Therefore, this bug can be exploited by a malicious server, before the client has received and verified a host key signature. So this attack can be performed by a man-in-the-middle between the SSH client and server, and the normal host key protections against MITM attacks are bypassed. Even if you trust the server you think you are connecting to, you are not safe.
This bug does not affect SSH protocol version 1, as the SSH1_MSG_DEBUG string length is sanity-checked against the packet length before use.
This bug was discovered by an anonymous contributor to iDEFENSE's Vulnerability Contributor Program. It is documented in iDEFENSE's advisory 10.27.04. It is also mentioned in an advisory by Secunia, numbered SA12987, and has been assigned CVE ID CVE-2004-1008 and OSVDB ID 11165.