PuTTY vulnerability vuln-passwd-memdump
This is a mirror. The primary PuTTY web site can be found
here.
Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
summary: Failure to scrub SSH-2 password from memory after use
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.53b
fixed-in: 2003-01-10 (0.54) (0.55) (0.56) (0.57) (0.58) (0.59) (0.60)
As reported in iDEFENSE
Security Advisory
01.28.03,
PuTTY 0.53b fails to scrub the password from a memory buffer after
authentication, making it trivially easy for an attacker with access
to a memory dump to recover the password. (This only applies when
using SSH-2.)
This is fixed in the nightly development snapshots as of 2003-01-10,
and will be fixed in the next stable release.
This vulnerability corresponds to CVE
CAN-2003-0048
.
Audit trail for this vulnerability.
If you want to comment on this web site, see the
Feedback page.
(last revision of this bug record was at 2008-02-23 18:05:37 +0000)
mirror powered by triplemind.com - Web directory, Ferienwohnung Berlin, Last Minute Reisen, Language schools in Spain, Pension Dresden Hotel, Markisen Sonnenschutz Plissees, Kreuzfahrten, Routenplaner, Sofort online, Fliegen, Ferienwohnung Harz, Newsletter Software, Ferienhäuser, weltweit Sprachreisen, Webdesign Homepage erstellen, Wellness Bayern Bewerbung Geld verdienen