FreeBSD : putty -- buffer overflow vulnerability in ssh2 support (19518d22-2d05-11d9-8943-0050fc56d258)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

There is a bug in SSH2 support that allows a server to execute
malicious code on a connecting PuTTY client. This attack can be
performed before host key verification happens, so a different machine
-- man in the middle attack -- could fake the machine you are
connecting to.

See also :

http://marc.info/?l=bugtraq&m=109890310929207
http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml
http://www.nessus.org/u?d5211b5a
http://www.nessus.org/u?4a94a187

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37021 (freebsd_pkg_19518d222d0511d989430050fc56d258.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now