PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive     authentication response. This makes it easier for an attacker-controlled SSH server to present a later     spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for     purposes that are undesired by the client user). (CVE-2021-36367)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3794-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     April 25, 2024                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : putty     Version        : 0.74-1+deb11u1~deb10u1     CVE ID         : CVE-2019-17069 CVE-2020-14002 CVE-2021-36367 CVE-2023-48795     Debian Bug     : 990901

    Putty, a Telnet/SSH client for X, was vulnerable.

    CVE-2019-17069

      PuTTY allowed remote SSH-1 servers to cause a denial       of service by accessing freed memory locations via an       SSH1_MSG_DISCONNECT message.

    CVE-2020-14002

      PuTTY had an Observable Discrepancy leading to an       information leak in the algorithm negotiation.
      This allowed man-in-the-middle attackers to target       initial connection attempts (where no host key for the       server has been cached by the client).

    CVE-2021-36367

      PuTTY proceeded with establishing an SSH session even       if it has never sent a substantive authentication response.
      This made it easier for an attacker-controlled SSH server       to present a later spoofed authentication prompt (that the       attacker can use to capture credential data, and use that       data for purposes that are undesired by the client user).

    CVE-2023-48795

       PuTTY was vulnerable to Terrapin attack.  The SSH transport        protocol with certain OpenSSH extensions, allowed remote attackers        to bypass integrity checks such that some packets are omitted (from        the extension negotiation message), and a client and server may        consequently end up with a connection for which some security        features have been downgraded or disabled. This occurs because the        SSH Binary Packet Protocol (BPP), implemented by these extensions,        mishandles the handshake phase and mishandles use of sequence        numbers. For example, there is an effective attack against SSH's        use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The        bypass occurs in chacha20-poly1305 and (if CBC is used)        the -etm MAC algorithms.

    For Debian 10 buster, this problem has been fixed in version     0.74-1+deb11u1~deb10u1.

    We recommend that you upgrade your putty packages.

    For the detailed security status of putty please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/putty

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host has a version of PuTTY installed that is prior to 0.76, which proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
From version 0.76, PuTTY will include an option to abandon an SSH connection if the SSH server ends the user authentication phase of the protocol without requiring any substantive input from PuTTY.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5588 advisory.

  - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive     authentication response. This makes it easier for an attacker-controlled SSH server to present a later     spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for     purposes that are undesired by the client user). (CVE-2021-36367)

  - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other     products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the     extension negotiation message), and a client and server may consequently end up with a connection for     which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because     the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and     mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of     ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and     (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API     before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80,     AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0,     Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15,     SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH     through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang     XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd     through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and     LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3,     Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server     before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the     mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh     crate before 0.40.2 for Rust. (CVE-2023-48795)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
258206	Linux Distros Unpatched Vulnerability : CVE-2021-36367	Nessus	Misc.	high
193899	Debian dla-3794 : pterm - security update	Nessus	Debian Local Security Checks	critical
190360	PuTTY < 0.76 Insufficient Verification of Data Authenticity	Nessus	Windows	high
187289	Debian DSA-5588-1 : putty - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2021-36367

high

Tenable Plugins

high

critical

high

high