Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2016-0118
HistoryMar 25, 2016 - 9:38 a.m.

Updated filezilla packages fix security vulnerability

2016-03-2509:38:37
Gentoo Foundation
advisories.mageia.org
10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.016 Low

EPSS

Percentile

87.5%

JSON

Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the ‘sink’ direction (i.e. downloading from server to client) of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file (CVE-2016-2563). FileZilla was vulnerable to this issue as it bundles a copy of PuTTY. The filezilla package has been updated to version 3.16.1, which fixes this issue and has many other fixes and enhancements.

Related

cvelist 1
freebsd 1
ubuntucve 1
exploitpack 1
zdt 1
seebug 1
nessus 4
debiancve 1
cve 1
kaspersky 1
openvas 3
hackerone 1
nvd 1
mageia 1
prion 1
exploitdb 1
gentoo 1
cvelist
cvelist
CVE-2016-2563
2016-04-07 23:00:00
freebsd
freebsd
PuTTY - old-style scp downloads may allow remote code execution
2016-02-26 00:00:00
ubuntucve
ubuntucve
CVE-2016-2563
2016-04-07 00:00:00
exploitpack
exploitpack
Putty pscp 0.66 - Stack Buffer Overwrite
2016-03-10 00:00:00
zdt
zdt
Putty pscp 0.66 - Stack Buffer Overwrite
2016-03-10 00:00:00
seebug
seebug
PuTTY pscp åŪĒ户įŦŊ栈įž“å†ē匚čĶ†į›–(CVE-2016-2563)
2016-03-07 00:00:00
nessus
nessus
PuTTY < 0.67 PSCP Server Header Handling Stack Buffer Overflow
2017-12-11 00:00:00
FreeBSD : PuTTY - old-style scp downloads may allow remote code execution (7f0fbb30-e462-11e5-a3f3-080027ef73ec)
2016-03-08 00:00:00
openSUSE Security Update : putty (openSUSE-2016-667)
2016-06-01 00:00:00
debiancve
debiancve
CVE-2016-2563
2016-04-07 23:59:07
cve
cve
CVE-2016-2563
2016-04-07 23:59:07
kaspersky
kaspersky
KLA11442 ACE vulnerability in PuTTY
2016-04-07 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0112)
2016-03-17 00:00:00
PuTTY DoS Vulnerability (Apr 2016) - Windows
2016-04-21 00:00:00
Mageia: Security Advisory (MGASA-2016-0118)
2016-03-31 00:00:00
hackerone
hackerone
Internet Bug Bounty: putty pscp client-side post-auth stack buffer overwrite when processing remote file size
2016-03-06 10:10:58
nvd
nvd
CVE-2016-2563
2016-04-07 23:59:07
mageia
mageia
Updated putty packages fix CVE-2016-2563
2016-03-16 21:07:23
prion
prion
Stack overflow
2016-04-07 23:59:00
exploitdb
exploitdb
Putty pscp 0.66 - Stack Buffer Overwrite
2016-03-10 00:00:00
gentoo
gentoo
PuTTY: Multiple vulnerabilities
2016-06-05 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.016 Low

EPSS

Percentile

87.5%

JSON
Related for MGASA-2016-0118
cvelist1freebsd1ubuntucve1exploitpack1zdt1seebug1nessus4debiancve1cve1kaspersky1openvas3hackerone1nvd1mageia1prion1exploitdb1gentoo1