
Are we vulnerable for the "PuTTY SSH handshake heap overflow"? #79

Closed
wschoot opened this Issue Aug 5, 2013 · 3 comments

wschoot commented Aug 5, 2013

Hi,

As found on bugtraq on http://seclists.org/bugtraq/2013/Aug/26:

PuTTY versions 0.62 and earlier - as well as all software that
integrates these versions of PuTTY - are vulnerable to an integer overflow
leading to heap overflow during the SSH handshake before authentication,
caused by improper bounds checking of the length parameter received from the
SSH server.

Are we vulnerable?
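The failure mode the advisory describes (a length field from the server trusted without a sound bounds check), as an added illustration that is not PuTTY's code or this project's own: a constructed reader for the SSH wire `string` type (big-endian uint32 length followed by that many bytes) that compares the untrusted length against the bytes actually remaining rather than computing an end offset that can wrap. The function names and the sample packet bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one SSH wire "string" (big-endian uint32 length, then that many
 * bytes) at *pos. Constructed example, not PuTTY's code. Returns 1 and
 * advances *pos on success, 0 if the length does not fit in what remains. */
int read_ssh_string(const unsigned char *buf, size_t buflen, size_t *pos,
                    const unsigned char **out, uint32_t *out_len)
{
    size_t remaining;
    uint32_t len;
    if (*pos > buflen)
        return 0;
    remaining = buflen - *pos;
    if (remaining < 4)                 /* not even a whole length field */
        return 0;
    len = ((uint32_t)buf[*pos] << 24) | ((uint32_t)buf[*pos + 1] << 16) |
          ((uint32_t)buf[*pos + 2] << 8) | (uint32_t)buf[*pos + 3];
    remaining -= 4;
    /* Compare the untrusted length against what is really left. Adding
     * *pos + 4 + len first and comparing that sum to buflen is the classic
     * mistake: on a 32-bit size_t the sum can wrap and the check passes. */
    if (len > remaining)
        return 0;
    *out = buf + *pos + 4;
    *out_len = len;
    *pos += 4 + (size_t)len;
    return 1;
}

/* Count well-formed strings from the start of buf, stopping at the first
 * length field that does not fit in the buffer. */
int count_valid_strings(const unsigned char *buf, size_t buflen)
{
    size_t pos = 0;
    int n = 0;
    const unsigned char *s;
    uint32_t slen;
    while (read_ssh_string(buf, buflen, &pos, &s, &slen))
        n++;
    return n;
}

/* Constructed sample: a valid 7-byte "ssh-rsa" string, then a length field
 * of 0xFFFFFFFF with only one byte behind it; the second must be rejected. */
static const unsigned char sample[] = {
    0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a', 0xFF, 0xFF, 0xFF, 0xFF, 'x'
};

int sample_valid_strings(void) { return count_valid_strings(sample, sizeof sample); }
```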

FauxFaux added a commit that referenced this issue Aug 5, 2013

GH-79: backport supposed fix for CVE-2013-4852
"Add an assortment of extra safety checks."

Direct cherry-pick of svn://svn.tartarus.org/sgt/putty@9896

FauxFaux commented Aug 5, 2013

For the stable release, probably, although it is being built with compiler checks which should make it harder to exploit.

I've released the supposed fix as p0.62-t014, just in case.

@FauxFaux FauxFaux closed this Aug 5, 2013


FauxFaux commented Aug 6, 2013

Sigh, a new release from trunk, with /everything/ in. I'm not convinced I'm ready to do that yet.

@FauxFaux FauxFaux reopened this Aug 6, 2013

FauxFaux added a commit that referenced this issue Aug 6, 2013

GH-79: backport supposed fix for vuln-modmul
"Fix an array-size bug in modmul, and add some tests for it."

svn://svn.tartarus.org/sgt/putty@9977

FauxFaux added a commit that referenced this issue Aug 6, 2013

GH-79: backport supposed fix for vuln-bignum-division-by-zero
The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

svn://svn.tartarus.org/sgt/putty@9996

Conflicts:
	sshbn.c

FauxFaux added a commit that referenced this issue Aug 6, 2013

GH-79: Backport fix for private-key-not-wiped
Another couple of memory leaks.

svn://svn.tartarus.org/sgt/putty@9988

FauxFaux commented Aug 6, 2013

I've backported all the fixes mentioned in the 0.63 release; however, I'm not convinced these are actually all the security fixes, just all the ones identified.

vuln-modmul, vuln-signature-stringlen, vuln-bignum-division-by-zero, private-key-not-wiped

I will endeavour to get an alpha or beta of p0.63-t016 or so out soon(!).

@FauxFaux FauxFaux closed this Aug 6, 2013
