
PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted

Bunch of bugs stomped with version 0.71


Venerable SSH client PuTTY has received a pile of security patches, with its lead maintainer admitting to The Register that one of the flaws fixed was a "'game over' level vulnerability".

The fixes, shipped over the weekend, plug a plethora of vulns in the Telnet and SSH client, most of which were uncovered through an EU-sponsored HackerOne bug bounty.

Version 0.71 of PuTTY includes fixes for:

Lead maintainer and "benevolent dictator" of all things PuTTY Simon Tatham told El Reg that "of all the things found by the EU bug bounty programme, the most serious was vuln-dss-verify. That really is a 'game over' level vulnerability for a secure network protocol: a MITM attacker could bypass the SSH host key system completely."

"Luckily," he continued, "it never appeared in a released version of PuTTY: it was introduced during work to rewrite the crypto for side-channel safety, and spotted only a few weeks later by a bug-bounty participant, well before the release came out. So the EU protected almost everybody from that one."

Another of the patched vulns was PuTTY's failure to enforce the minimum key length during RSA key exchange, which led to an integer overflow. Tatham explained that this "could be triggered by a server whose host key hasn't yet been authenticated. So you'd not only have been at risk from servers you actually trust turning out to be untrustworthy; you were also at risk from anyone who could MITM your connection to such a server, because the usual mechanism that protects you from MITM has not yet kicked in at that stage in the connection."
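To make the failure mode concrete, here is an added example (written for this piece, not PuTTY's own code) of the check an SSH client has to make in the RFC 4432 RSA key exchange. The server's transient RSA key arrives in SSH_MSG_KEXRSA_PUBKEY, before the host-key signature in SSH_MSG_KEXRSA_DONE has been verified, so the client sizes the shared secret K from a modulus length that nothing has yet vouched for. RFC 4432 sets K's length as KLEN = bits(n) - 2*HLEN - 49 and requires at least a 1024-bit modulus for rsa1024-sha1 and 2048 bits for rsa2048-sha256; skip the minimum and a short modulus drives KLEN negative, which is where unsigned size arithmetic wraps. The key blobs below are constructed (the moduli are not real RSA moduli; only their bit length matters), and the `as_unsigned` helper is a stand-in for what a C size computation would do.

```python
import struct

# Added example, not PuTTY's code: transient-key length check in the
# RFC 4432 RSA key exchange. The modulus size comes from the server's
# SSH_MSG_KEXRSA_PUBKEY, which is received before any host-key signature
# has been checked, so it is attacker-controlled at this point.

# method name -> (minimum modulus bits per RFC 4432, HLEN of the method's hash in bits)
RSA_KEX_METHODS = {
    "rsa1024-sha1": (1024, 160),
    "rsa2048-sha256": (2048, 256),
}


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' wire encoding: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH 'mpint' encoding of a non-negative integer (leading 0x00 when the top bit is set)."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def parse_ssh_string(buf: bytes, off: int):
    """Return (bytes, new_offset) for the SSH string at buf[off:], rejecting truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def make_rsa_pubkey_blob(e: int, n: int) -> bytes:
    """Build an 'ssh-rsa' public key blob: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def parse_rsa_pubkey_blob(blob: bytes):
    """Parse an 'ssh-rsa' public key blob back into (e, n)."""
    kind, off = parse_ssh_string(blob, 0)
    if kind != b"ssh-rsa":
        raise ValueError(f"unexpected key type {kind!r}")
    e_raw, off = parse_ssh_string(blob, off)
    n_raw, off = parse_ssh_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")


def klen_bits(modulus_bits: int, hlen_bits: int) -> int:
    """RFC 4432 secret length: KLEN = bits(n) - 2*HLEN - 49. Pure arithmetic,
    no validation, so an undersized modulus makes the result negative."""
    return modulus_bits - 2 * hlen_bits - 49


def as_unsigned(value: int, width_bits: int = 32) -> int:
    """Stand-in for a C size computation: a negative result wraps modulo 2^width."""
    return value % (1 << width_bits)


def secret_size_unchecked(method: str, blob: bytes) -> int:
    """Vulnerable shape: trust whatever modulus length the server sent."""
    _, hlen = RSA_KEX_METHODS[method]
    _, n = parse_rsa_pubkey_blob(blob)
    return as_unsigned(klen_bits(n.bit_length(), hlen))


def secret_size_checked(method: str, blob: bytes) -> int:
    """Hardened shape: enforce the method's minimum modulus length before sizing anything."""
    min_bits, hlen = RSA_KEX_METHODS[method]
    _, n = parse_rsa_pubkey_blob(blob)
    bits = n.bit_length()
    if bits < min_bits:
        raise ValueError(f"{method}: transient key is {bits} bits, RFC 4432 requires at least {min_bits}")
    return klen_bits(bits, hlen)


# Constructed inputs (not real RSA moduli; only the bit length matters here):
# a compliant 1024-bit key, and a 16-bit one a hostile server or a MITM could send.
GOOD_1024 = make_rsa_pubkey_blob(65537, (1 << 1023) | 1)
TINY_16 = make_rsa_pubkey_blob(65537, 0xFFFF)

if __name__ == "__main__":
    print(secret_size_checked("rsa1024-sha1", GOOD_1024))   # 655
    print(secret_size_unchecked("rsa1024-sha1", TINY_16))   # -353 wrapped to 4294966943
    try:
        secret_size_checked("rsa1024-sha1", TINY_16)
    except ValueError as err:
        print("rejected:", err)
```

The unchecked path turns a 16-bit modulus into a secret length of 4294966943 bits, which is the kind of value that then feeds a buffer allocation; the checked path refuses the key outright, and it has to do so at the moment the transient key is parsed, since waiting for the host-key signature would be too late for exactly the reason Tatham gives.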

The other major vuln patched in v0.71 involved planting a malicious help file in the directory containing the PuTTY executable, something Tatham said wouldn't have applied to those using the regular Windows .msi installer.

Opened in January, the EU review of PuTTY paid out more than $17,500 and was funded by the EU Directorate-General for Informatics, which describes itself as "providing digital services that support other Commission departments". The bounty formed part of the EU's wider ongoing Free and Open Source Software Audit, or FOSSA. ®
