Heap overflow using Bignum
While PSCP is authenticating to the server, this vulnerability can be triggered by sending a specially crafted big number (the “base” big number sent by the server).
Another heap overflow using Bignum
A second vulnerability can be triggered in the PuTTY client during the authentication process. By modifying the second big number sent by the server, an attacker can make the PuTTY client crash. We believe this could be exploited by an attacker to execute arbitrary code on the machine running PuTTY.
Changelog for the new version.
- Security fix: a vulnerability discovered by Core Security Technologies (advisory number CORE-2004-0705), potentially allowing arbitrary code execution on the client by a malicious server before host key verification, has been fixed.
- Bug fix: General robustness of the SSH1 implementation has been improved, which may have fixed further potential security problems although we are not aware of any specific ones.
- Bug fix: Random noise generation was hanging some computers and interfering with other processes’ precision timing, and should now not do so.
- Bug fix: dead key support should work better.
- Bug fix: a terminal speed is now sent to the SSH server.
- Bug fix: removed a spurious diagnostic message in Plink.
- Bug fix: the `-load` option in PSCP and PSFTP should work better.
- Bug fix: X forwarding on the Unix port can now talk to Unix sockets as well as TCP sockets.
- Bug fix: various crashes and assertion failures fixed.