FreeBSD : putty -- pscp/psftp heap corruption vulnerabilities (a413ed94-836e-11d9-a9e7-0001020eed82)

High Nessus Plugin ID 19057


The remote FreeBSD host is missing a security-related update.


Simon Tatham reports:

This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. (However, note that the server must have passed host key verification before this attack can be launched, so a man-in-the-middle shouldn't be able to attack you if you're careful.)


Update the affected package.

Plugin Details

Severity: High

ID: 19057

File Name: freebsd_pkg_a413ed94836e11d9a9e70001020eed82.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2005/07/13

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:putty, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2005/02/20

Vulnerability Publication Date: 2005/02/20

Reference Information

CVE: CVE-2005-0467

BID: 12601