FreeBSD : putty -- pscp/psftp heap corruption vulnerabilities (a413ed94-836e-11d9-a9e7-0001020eed82)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Simon Tatham reports :

This version fixes a security hole in previous versions of PuTTY,
which can allow a malicious SFTP server to attack your client. If you
use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY
program are not affected. (However, note that the server must have
passed host key verification before this attack can be launched, so a
man-in-the-middle shouldn't be able to attack you if you're careful.)

See also :

http://lists.tartarus.org/pipermail/putty-announce/2005/000012.html
http://marc.info/?l=bugtraq&m=110902510713763
http://www.nessus.org/u?08d5139d
http://www.nessus.org/u?1ef33361
http://www.nessus.org/u?1fd536aa

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19057 (freebsd_pkg_a413ed94836e11d9a9e70001020eed82.nasl)

Bugtraq ID: 12601

CVE ID: CVE-2005-0467
