FreeBSD : PuTTY -- Password vulnerability (bbd5f486-24f1-11e1-95bc-080027ef73ec)

Low Nessus Plugin ID 57144


The remote FreeBSD host is missing a security-related update.


Simon Tatham reports :

PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication (which is the usual method used by modern servers to request a password), the password you type was accidentally kept in PuTTY's memory for the rest of its run, where it could be retrieved by other processes reading PuTTY's memory, or written out to swap files or crash dumps.


Update the affected package.

See Also

Plugin Details

Severity: Low

ID: 57144

File Name: freebsd_pkg_bbd5f48624f111e195bc080027ef73ec.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2011/12/13

Modified: 2013/08/25

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:putty, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2011/12/12

Vulnerability Publication Date: 2011/12/10

Reference Information

CVE: CVE-2011-4607