FreeBSD : PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections (9b973e97-0a99-11e7-ace7-080027ef73ec)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Simon G. Tatham reports :

Many versions of PuTTY prior to 0.68 have a heap-corrupting integer
overflow bug in the ssh_agent_channel_data function which processes
messages sent by remote SSH clients to a forwarded agent connection.
[...]

This bug is only exploitable at all if you have enabled SSH agent
forwarding, which is turned off by default. Moreover, an attacker able
to exploit this bug would have to already be able to connect to
the Unix-domain socket representing the forwarded agent connection.
Since any attacker with that capability would necessarily already be
able to generate signatures with your agent's stored private keys, you
should in normal circumstances be defended against this vulnerability
by the same precautions you and your operating system were already
taking to prevent untrusted people from accessing your SSH agent.

See also :

http://www.nessus.org/u?065f82ba
http://www.nessus.org/u?d5765862

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 97789

CVE ID: CVE-2017-6542