The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PuTTY

vulnerability announcement CVE-2019-6110

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes stderr File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6110, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:13931-1, VIGILANCE-VUL-28262.

Description of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.

vulnerability alert CVE-2019-6109

OpenSSH scp, PuTTY PSCP: spoofing via Scp Client ANSI Codes File Hiding

Synthesis of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.
Impacted products: Debian, Fedora, IBM i, OpenSSH, openSUSE Leap, Solaris, PuTTY, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: disguisement.
Provenance: internet server.
Creation date: 14/01/2019.
Identifiers: bulletinjan2019, CVE-2019-6109, DLA-1728-1, DSA-4387-1, DSA-4387-2, FEDORA-2019-0f4190cdb0, ibm10731015, openSUSE-SU-2019:0091-1, openSUSE-SU-2019:0093-1, openSUSE-SU-2019:0307-1, SUSE-SU-2019:0125-1, SUSE-SU-2019:0126-1, SUSE-SU-2019:0132-1, SUSE-SU-2019:0496-1, SUSE-SU-2019:0941-1, SUSE-SU-2019:13931-1, SUSE-SU-2019:14016-1, SUSE-SU-2019:14030-1, USN-3885-1, USN-3885-2, VIGILANCE-VUL-28261.

Description of the vulnerability

An attacker can spoof displayed filenames on the scp client of OpenSSH and PuTTY, in order to deceive the victim.

computer vulnerability alert 23186

PuTTY: code execution via CRYPTBASE.DLL

Synthesis of the vulnerability

An attacker can exploit a vulnerability in PuTTY via CRYPTBASE.DLL, in order to run code.
Impacted products: PuTTY, X2GoClient.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/07/2017.
Identifiers: VIGILANCE-VUL-23186.

Description of the vulnerability

An attacker can exploit a vulnerability in PuTTY via CRYPTBASE.DLL, in order to run code.

computer vulnerability alert 22616

PuTTY: code execution via DLL hijacking

Synthesis of the vulnerability

An attacker can make PuTTY run arbitrary machine code from a DLL located in the PuTTY folder.
Impacted products: PuTTY, WinSCP, X2GoClient.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 02/05/2017.
Identifiers: VIGILANCE-VUL-22616.

Description of the vulnerability

The vulnerabilities in DLL management described in the bulletins VIGILANCE-VUL-19558 and VIGILANCE-VUL-21958 have not been fully fixed.

A local attacker can therefore make PuTTY run arbitrary machine code from a DLL located in the PuTTY folder.

computer vulnerability bulletin CVE-2016-6167 CVE-2017-6542

PuTTY: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PuTTY.
Impacted products: Fedora, openSUSE Leap, PuTTY, WinSCP, X2GoClient.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/02/2017.
Revision date: 22/03/2017.
Identifiers: CVE-2016-6167, CVE-2017-6542, FEDORA-2017-efdd962fee, openSUSE-SU-2017:0741-1, VIGILANCE-VUL-21958.

Description of the vulnerability

Several vulnerabilities were announced in PuTTY.

An attacker can generate an integer overflow via ssh_agent_channel_data(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6542]

An attacker can create a malicious DLL, and then put it in the current directory, in order to execute code. [severity:2/4; CVE-2016-6167]

computer vulnerability bulletin CVE-2016-2542

Flexera InstallShield, JRSoft Inno Setup: code execution via DLL-planting

Synthesis of the vulnerability

An attacker can create a malicious DLL for Flexera InstallShield or JRSoft Inno Setup, in order to run code with administrator privileges.
Impacted products: NetWorker, FortiClient, DB2 UDB, Notes, Tivoli Storage Manager, WebSphere MQ, Notepad++, PuTTY, X2GoClient.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/05/2016.
Revision dates: 02/06/2016, 06/07/2016.
Identifiers: 1610582, 1978168, 1978363, 1979808, 1980839, 1982467, 1982741, 1982809, 1983796, 1983797, 1983813, 1983814, 1983815, 1984184, 1984743, 1984863, 494999, CVE-2016-2542, ESA-2017-008, FG-IR-16-046, VIGILANCE-VUL-19558.

Description of the vulnerability

The products Flexera InstallShield and JRSoft Inno Setup are used to create installation programs for software packages.

In some cases, the generated programs load extension modules whose names and possible locations depend on the package concerned. However, in some cases, the installer looks for these extension DLLs in folders that are writable by unprivileged users, while the installation program that loads and runs these DLLs is expected to be run by an administrator. A typical case is a browser's download folder. Note that these installers are expected to be run only a few times, so opportunities for exploitation are rare.

This bug has also been reported for other products in the bulletin VIGILANCE-VUL-18671.

An attacker can therefore create a malicious DLL for Flexera InstallShield or JRSoft Inno Setup, in order to run code with administrator privileges.

vulnerability announcement CVE-2016-2563

PuTTY: buffer overflow of SCP

Synthesis of the vulnerability

An attacker, who corrupts an SCP server already known by PuTTY, can generate a buffer overflow in the PSCP client, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE, openSUSE Leap, PuTTY, X2GoClient.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet server.
Creation date: 07/03/2016.
Identifiers: CVE-2016-2563, FEDORA-2016-96379cb8d1, FEDORA-2016-c71532c5e2, openSUSE-SU-2016:1453-1, VIGILANCE-VUL-19112.

Description of the vulnerability

The PuTTY client implements the SCP protocol, which is used to copy files.

However, if a malicious SCP server returns a large SCP-SINK File-Size reply, an overflow occurs.

Note that this overflow occurs after host key verification.

An attacker, who corrupts an SCP server already known by PuTTY, can therefore generate a buffer overflow in the PSCP client, in order to trigger a denial of service, and possibly to run code.

vulnerability alert 18671

Windows: code execution during application installation

Synthesis of the vulnerability

An attacker can invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.
Impacted products: 7-Zip, ZoneAlarm, FileZilla Server, GIMP, Chrome, Kaspersky AV, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, Opera, Panda AV, Panda Internet Security, PuTTY, OfficeScan, TrueCrypt, VLC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/01/2016.
Identifiers: sk110055, VIGILANCE-VUL-18671.

Description of the vulnerability

When a user installs a new application on Windows, he downloads the installation program (install.exe for example), and then runs it.

However, several installation programs load DLLs (for example graph.dll) from the current directory. So, if an attacker invites the victim to download a malicious graph.dll file before he runs install.exe from the Download directory, the code located in the DLL is run.

See also the bulletin VIGILANCE-VUL-19558 for other impacted products.

An attacker can therefore invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.

computer vulnerability CVE-2015-5309

PuTTY: integer overflow of ECH

Synthesis of the vulnerability

An attacker, who owns a malicious SSH server, can invite the victim to connect with PuTTY, to generate an integer overflow with ECH, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, PuTTY, X2GoClient.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet server.
Creation date: 09/11/2015.
Identifiers: CERTFR-2015-AVI-540, CVE-2015-5309, DSA-3409-1, FEDORA-2015-3d17682c15, FEDORA-2015-5ad4a1f151, openSUSE-SU-2015:2023-1, VIGILANCE-VUL-18265.

Description of the vulnerability

The PuTTY product emulates a Unix terminal.

This terminal supports ANSI escape sequences. The ECH (erase characters, "ESC [ n X") sequence deletes several characters. However, if the number of characters is too large, an integer overflows, and PuTTY alters data located outside the current buffer.

An attacker, who owns a malicious SSH server, can therefore invite the victim to connect with PuTTY, to generate an integer overflow with ECH, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2015-2157

PuTTY: reading keys from memory

Synthesis of the vulnerability

An attacker, who can read the PuTTY process memory, can read private keys of PuTTY users, in order to escalate his privileges.
Impacted products: Debian, Fedora, openSUSE, PuTTY, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: privileged shell.
Creation date: 02/03/2015.
Identifiers: CVE-2015-2157, DSA-3190-1, FEDORA-2015-3160, FEDORA-2015-3204, openSUSE-SU-2015:0474-1, VIGILANCE-VUL-16286.

Description of the vulnerability

The PuTTY product uses pairs of public and private keys.

However, the ssh2_load_userkey() function does not delete keys from memory after using them.

An attacker, who can read the PuTTY process memory, can therefore read private keys of PuTTY users, in order to escalate his privileges.