FreeBSD : PuTTY -- Password vulnerability (bbd5f486-24f1-11e1-95bc-080027ef73ec)

low Nessus Plugin ID 57144

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Simon Tatham reports :

PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication (which is the usual method used by modern servers to request a password), the password you type was accidentally kept in PuTTY's memory for the rest of its run, where it could be retrieved by other processes reading PuTTY's memory, or written out to swap files or crash dumps.

Solution

Update the affected package.

See Also

https://lists.tartarus.org/pipermail/putty-announce/2011/000017.html

http://www.nessus.org/u?56386733

http://www.nessus.org/u?5910b5b2

Plugin Details

Severity: Low

ID: 57144

File Name: freebsd_pkg_bbd5f48624f111e195bc080027ef73ec.nasl

Version: 1.10

Type: local

Published: 12/13/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:putty, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/12/2011

Vulnerability Publication Date: 12/10/2011

Reference Information

CVE: CVE-2011-4607