PuTTY 0.52 to 0.62 Multiple Vulnerabilities
Medium Nessus Plugin ID 69318
Synopsis
The remote Windows host has an SSH client that is affected by multiple vulnerabilities.
Description
The remote host has an installation of PuTTY version 0.52 or greater but earlier than version 0.63. As such, it is reportedly affected by the following vulnerabilities:
- An overflow error exists in the function 'modmul' in the file 'putty/sshbn.c' that could allow heap corruption when handling DSA signatures. (CVE-2013-4206)
- A buffer overflow error exists related to modular inverse calculation, non-coprime values and DSA signature verification. (CVE-2013-4207)
- An error exists in the file 'putty/sshdss.c' that could allow disclosure of private key material.
- Multiple overflow errors exist in the files 'sshrsa.c' and 'sshdss.c'. (CVE-2013-4852)
Solution
Upgrade to PuTTY version 0.63 or later.