This repository has been archived by the owner on Apr 19, 2024. It is now read-only.

Are we vulnerable for the " PuTTY SSH handshake heap overflow" ? #79

Closed
wschoot opened this issue Aug 5, 2013 · 3 comments

Comments


wschoot commented Aug 5, 2013

Hi,

As found on bugtraq on http://seclists.org/bugtraq/2013/Aug/26:

PuTTY versions 0.62 and earlier - as well as all software that
integrates these versions of PuTTY - are vulnerable to an integer overflow
leading to heap overflow during the SSH handshake before authentication,
caused by improper bounds checking of the length parameter received from the
SSH server.

Are we vulnerable?
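To make the advisory's bug class concrete, here is an added example (not PuTTY's code, and not from this thread) showing how a length field read from the peer can wrap a bounds check when the packet offset and the length are added together, alongside the subtraction-based check that cannot wrap. The packet layout follows the SSH "string" encoding (a big-endian uint32 length followed by that many bytes); the packet contents are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>

/* Read a big-endian uint32 without alignment assumptions. */
static uint32_t get_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsafe pattern: the sum pos + 4 + len is computed in 32 bits, so a peer-supplied
   len near UINT32_MAX wraps it to a small value, the check passes, and a later copy
   of len bytes would overrun the buffer. Returns 1 if the string is "accepted". */
int unsafe_string_check(const unsigned char *pkt, uint32_t pktlen, uint32_t pos) {
    if (pos + 4 > pktlen) return 0;
    uint32_t len = get_u32(pkt + pos);
    uint32_t end = pos + 4 + len;   /* can wrap around to a small value */
    return end <= pktlen;           /* a wrapped end passes this test */
}

/* Safe pattern: compare len against the bytes remaining after the header, never
   forming a sum that can overflow. On success reports where the string starts. */
int safe_string_read(const unsigned char *pkt, uint32_t pktlen, uint32_t pos,
                     const unsigned char **out, uint32_t *outlen) {
    if (pos > pktlen || pktlen - pos < 4) return 0;   /* header must fit */
    uint32_t len = get_u32(pkt + pos);
    if (len > pktlen - pos - 4) return 0;             /* body must fit */
    *out = pkt + pos + 4;
    *outlen = len;
    return 1;
}

/* Constructed sample packets (hypothetical, not captured traffic):
   a valid 5-byte string, and a header claiming 0xFFFFFFFC bytes. */
const unsigned char GOOD_PKT[] = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
const unsigned char EVIL_PKT[] = {0xFF, 0xFF, 0xFF, 0xFC, 0, 0, 0, 0,
                                  0, 0, 0, 0, 0, 0, 0, 0};
const uint32_t GOOD_LEN = sizeof GOOD_PKT;
const uint32_t EVIL_LEN = sizeof EVIL_PKT;
```

With `EVIL_PKT`, `unsafe_string_check` computes 0 + 4 + 0xFFFFFFFC, which wraps to 0 and passes, while `safe_string_read` rejects it because 0xFFFFFFFC exceeds the 12 bytes that remain.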

FauxFaux pushed a commit that referenced this issue Aug 5, 2013
"Add an assortment of extra safety checks."

Direct cherry-pick of svn://svn.tartarus.org/sgt/putty@9896
FauxFaux (Owner) commented Aug 5, 2013

For the stable release, probably, although it is being built with compiler checks which should make it harder to exploit.

I've released the supposed fix as p0.62-t014, just in case.

@FauxFaux FauxFaux closed this as completed Aug 5, 2013
FauxFaux (Owner) commented Aug 6, 2013

Sigh, a new release from trunk, with /everything/ in. I'm not convinced I'm ready to do that yet.

@FauxFaux FauxFaux reopened this Aug 6, 2013
FauxFaux pushed a commit that referenced this issue Aug 6, 2013
"Fix an array-size bug in modmul, and add some tests for it."

svn://svn.tartarus.org/sgt/putty@9977
FauxFaux pushed a commit that referenced this issue Aug 6, 2013
The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

svn://svn.tartarus.org/sgt/putty@9996

Conflicts:
	sshbn.c
FauxFaux pushed a commit that referenced this issue Aug 6, 2013
Another couple of memory leaks.

svn://svn.tartarus.org/sgt/putty@9988
FauxFaux (Owner) commented Aug 6, 2013

I've backported all the fixes mentioned in the 0.63 release; however, I'm not convinced these are actually all the security fixes, just all the ones identified.

vuln-modmul, vuln-signature-stringlen, vuln-bignum-division-by-zero, private-key-not-wiped

I will endeavour to get an alpha or beta of p0.63-t016 or so out soon(!).

@FauxFaux FauxFaux closed this as completed Aug 6, 2013