PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted

Bunch of bugs stomped with version 0.71

75 Reg comments Got Tips?

Venerable SSH client PuTTY has received a pile of security patches, with its lead maintainer admitting to the The Register that one fixed a "'game over' level vulnerability".

The fixes implemented in PuTTY over the weekend include new features plugging a plethora of vulns in the Telnet and SSH client, most of which were uncovered as part of an EU-sponsored HackerOne bug bounty.

Version 0.71 of PuTTY includes fixes for:

  • A remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  • Potential recycling of random numbers used in cryptography
  • On Windows, hijacking by a malicious help file in the same directory as the executable
  • On Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  • multiple denial-of-service attacks that can be triggered by writing to the terminal

Lead maintainer and "benevolent dictator" of all things PuTTY Simon Tatham told El Reg that "of all the things found by the EU bug bounty programme, the most serious was vuln-dss-verify. That really is a 'game over' level vulnerability for a secure network protocol: a MITM attacker could bypass the SSH host key system completely."

"Luckily," he continued, "it never appeared in a released version of PuTTY: it was introduced during work to rewrite the crypto for side-channel safety, and spotted only a few weeks later by a bug-bounty participant, well before the release came out. So the EU protected almost everybody from that one."

Another one of the patched vulns was PuTTY not enforcing minimum key lengths during RSA key exchange, creating an integer overflow situation. Tatham explained that this "could be triggered by a server whose host key hasn't yet been authenticated. So you'd not only have been at risk from servers you actually trust turning out to be untrustworthy; you were also at risk from anyone who could MITM your connection to such a server, because the usual mechanism that protects you from MITM has not yet kicked in at that stage in the connection."

The other major vuln patched in v0.71 involved planting a malicious help file in the PuTTY root directory, something Tatham said wouldn't have applied to those using the regular Windows .msi installer.

Opened in January, the EU review of PuTTY paid out more than $17,500 and was funded by the EU Directorate-General for Informatics, which describes itself as "providing digital services that support other Commission departments". The bounty formed a wider part of the EU's ongoing Free and Open Software Audit, or FOSSA. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

$2.07bn? That's one Dell of a deal to offload infosec biz RSA

Texan tech giant hacks off part of security real estate, sells to consortium

Roses are red, IBM is Big Blue. It's out of RSA Conference after coronavirus review: IBMers will not attend infosec event over 'health concerns'

Updated Who will join the IT giant in staying away from San Francisco?

RSA Conference loses one more abbreviated tech giant after AT&T disconnects over novel coronavirus fears

RSA Alternative headline: Killer bio-nasty linked to former alien vault and cyber-hacker gathering

California tech industry gets its first big coronavirus hit: RSA Conference attendee infected, in serious condition

Updated NASA also struck, more conferences cancelled, WISPA is moving ahead

'I give fusion power a higher chance of succeeding than quantum computing' says the R in the RSA crypto-algorithm

RSA Expert panel sesh turns heated on infosec conference's opening day

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

RSA 'If someone like me can't get in to give a keynote, perhaps it's time we rethink where we organize our events'

Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA

RSA Before you remove the mote from thy hacker's eye, remove the beam from the eyes of your, er, Teams

Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

Roundup Including: Tesla and a town hit hard by spear-phish bridge scammers

Biting the hand that feeds IT © 1998–2020