FreeBSD : PuTTY -- Password vulnerability (bbd5f486-24f1-11e1-95bc-080027ef73ec)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Simon Tatham reports :

PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If
you log in using SSH-2 keyboard-interactive authentication (which is
the usual method used by modern servers to request a password), the
password you type was accidentally kept in PuTTY's memory for the rest
of its run, where it could be retrieved by other processes reading
PuTTY's memory, or written out to swap files or crash dumps.

See also :

http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
http://www.nessus.org/u?d29e474b
http://www.nessus.org/u?dc42791d

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57144

Bugtraq ID:

CVE ID: CVE-2011-4607
