putty -- buffer overflow vulnerability in ssh2 support

ID 19518D22-2D05-11D9-8943-0050FC56D258
Type freebsd
Reporter FreeBSD
Modified 2005-01-19T00:00:00


There is a bug in SSH2 support that allows a server to execute malicious code on a connecting PuTTY client. This attack can be performed before host key verification happens, so a different machine -- man in the middle attack -- could fake the machine you are connecting to.