
Are we vulnerable for the " PuTTY SSH handshake heap overflow" ? #79

Closed
wschoot opened this issue Aug 5, 2013 · 3 comments

Comments


@wschoot wschoot commented Aug 5, 2013

Hi,

As found on bugtraq on http://seclists.org/bugtraq/2013/Aug/26:

PuTTY versions 0.62 and earlier - as well as all software that
integrates these versions of PuTTY - are vulnerable to an integer overflow
leading to heap overflow during the SSH handshake before authentication,
caused by improper bounds checking of the length parameter received from the
SSH server.

Are we vulnerable?
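The bugtraq text above describes the bug class only in general terms: a 32-bit length field arrives from the peer, arithmetic on it wraps, and the resulting undersized heap buffer is then overrun. The following is an added illustration of that class and of the bounds check that defeats it; it is constructed for this thread and is not PuTTY's code. The wire format it parses (a big-endian uint32 length followed by that many bytes) is the SSH "string" type; the function names, the `MAX_STRING_LEN` cap and the sample buffers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the hardened reader (constructed for this example). */
enum read_result { READ_TRUNCATED = -1, READ_TOO_LONG = -2 };

/* Largest single string the parser is willing to allocate for. The value is
 * an assumption; a real implementation derives it from protocol limits. */
#define MAX_STRING_LEN (256u * 1024u)

/* Decode a big-endian uint32 as used by SSH string lengths. */
static uint32_t get_uint32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: trusts the peer-supplied length and derives an
 * allocation size from it with no check against the bytes actually present
 * and no check for wraparound. Returns the size it would pass to malloc();
 * for len = 0xFFFFFFFF the "+ 1 for a NUL" wraps to 0, so a later copy of
 * len bytes into that allocation overruns the heap. */
uint32_t naive_alloc_size(const unsigned char *buf) {
    uint32_t len = get_uint32(buf);
    return len + 1;            /* 32-bit wraparound happens here */
}

/* Hardened reader: parses one SSH string out of buf[0..buflen). On success
 * sets *out/*outlen to the payload and returns the number of bytes consumed;
 * on failure returns a negative read_result. Every comparison is arranged
 * so that no expression involving the untrusted length can wrap. */
int read_ssh_string(const unsigned char *buf, size_t buflen,
                    const unsigned char **out, size_t *outlen) {
    if (buflen < 4)
        return READ_TRUNCATED;          /* not even a length field */
    uint32_t len = get_uint32(buf);
    if (len > MAX_STRING_LEN)
        return READ_TOO_LONG;           /* refuse before doing any arithmetic on len */
    if (len > buflen - 4)
        return READ_TRUNCATED;          /* compare to remaining bytes; never compute len + 4 */
    *out = buf + 4;
    *outlen = len;
    return (int)(4 + len);              /* bounded by MAX_STRING_LEN + 4, cannot overflow int */
}

/* Convenience wrapper so callers (and tests) can check the verdict alone. */
int parse_len(const unsigned char *buf, size_t buflen) {
    const unsigned char *p;
    size_t n;
    return read_ssh_string(buf, buflen, &p, &n);
}

int main(void) {
    /* Constructed sample buffers. */
    const unsigned char good[]  = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const unsigned char trunc[] = {0, 0, 0, 10, 'a', 'b'};
    const unsigned char wrap[]  = {0xff, 0xff, 0xff, 0xff, 'x'};
    printf("good: consumed %d\n", parse_len(good, sizeof good));
    printf("trunc: %d\n", parse_len(trunc, sizeof trunc));
    printf("wrap: hardened %d, naive alloc size %u\n",
           parse_len(wrap, sizeof wrap), naive_alloc_size(wrap));
    return 0;
}
```

The ordering of the three checks is the point: the cap on `len` comes first, and the remaining-bytes test subtracts from `buflen` (already known to be at least 4) rather than adding to `len`, so the untrusted value never takes part in an expression that can wrap.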

FauxFaux added a commit that referenced this issue Aug 5, 2013
"Add an assortment of extra safety checks."

Direct cherry-pick of svn://svn.tartarus.org/sgt/putty@9896
Owner

@FauxFaux FauxFaux commented Aug 5, 2013

For the stable release, probably, although it is being built with compiler checks which should make it harder to exploit.

I've released the supposed fix as p0.62-t014, just in case.

@FauxFaux FauxFaux closed this Aug 5, 2013
Owner

@FauxFaux FauxFaux commented Aug 6, 2013

Sigh, a new release from trunk, with /everything/ in. I'm not convinced I'm ready to do that yet.

@FauxFaux FauxFaux reopened this Aug 6, 2013
FauxFaux added a commit that referenced this issue Aug 6, 2013
"Fix an array-size bug in modmul, and add some tests for it."

svn://svn.tartarus.org/sgt/putty@9977
FauxFaux added a commit that referenced this issue Aug 6, 2013
The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

svn://svn.tartarus.org/sgt/putty@9996

Conflicts:
	sshbn.c
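The commit message above describes a comparison routine that must treat "no data words" and "one zero word" as the same value. As an added illustration (constructed here, not PuTTY's `sshbn.c`), the comparison below normalises away most-significant zero words before comparing, so both encodings of zero compare equal and a bignum padded with high zero words compares equal to its unpadded form. The `bignum` struct, word size and function names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed representation: little-endian array of 32-bit words, least
 * significant word first. n == 0 and {0} are both legal encodings of zero,
 * mirroring the two representations the commit message describes. */
typedef struct {
    const uint32_t *w;
    size_t n;
} bignum;

/* Length after dropping most-significant zero words; both zeros become 0. */
static size_t effective_len(bignum a) {
    size_t n = a.n;
    while (n > 0 && a.w[n - 1] == 0)
        n--;
    return n;
}

/* Returns -1, 0 or 1 as a < b, a == b, a > b. */
int bignum_cmp(bignum a, bignum b) {
    size_t na = effective_len(a), nb = effective_len(b);
    if (na != nb)
        return na < nb ? -1 : 1;       /* more significant words means larger */
    while (na > 0) {                   /* same length: compare from the top word down */
        na--;
        if (a.w[na] != b.w[na])
            return a.w[na] < b.w[na] ? -1 : 1;
    }
    return 0;
}

/* Array-based wrapper so callers can pass word arrays directly. */
int cmp_words(const uint32_t *aw, size_t an, const uint32_t *bw, size_t bn) {
    bignum a = {aw, an}, b = {bw, bn};
    return bignum_cmp(a, b);
}

int main(void) {
    /* Constructed values: the two encodings of zero, and a padded five. */
    const uint32_t zero_word[] = {0};
    const uint32_t five[] = {5};
    const uint32_t five_padded[] = {5, 0};
    printf("Zero vs {0}: %d\n", cmp_words(NULL, 0, zero_word, 1));
    printf("{5,0} vs {5}: %d\n", cmp_words(five_padded, 2, five, 1));
    return 0;
}
```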
FauxFaux added a commit that referenced this issue Aug 6, 2013
Another couple of memory leaks.

svn://svn.tartarus.org/sgt/putty@9988
Owner

@FauxFaux FauxFaux commented Aug 6, 2013

I've backported all the fixes listed in the 0.63 release, however I'm not convinced these are actually all the security fixes, just all the ones identified.

vuln-modmul, vuln-signature-stringlen, vuln-bignum-division-by-zero, private-key-not-wiped

I will endeavour to get an alpha or beta of p0.63-t016 or so out soon(!).

@FauxFaux FauxFaux closed this Aug 6, 2013