PuTTY sftp_pkt_getstring() Function Remote Overflow

2005-02-20T04:48:46
ID OSVDB:14003
Type osvdb
Reporter Gaël Delalleau()
Modified 2005-02-20T04:48:46

Description

Vulnerability Description

A remote overflow exists in PuTTY. The 'sftp_pkt_getstring()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 0.57 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in PuTTY. The 'sftp_pkt_getstring()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/ Vendor Specific Advisory URL Security Tracker: 1013246 Secunia Advisory ID:14333 Related OSVDB ID: 14002 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200502-28.xml Other Advisory URL: http://www.idefense.com/application/poi/display?id=201&type=vulnerabilities ISS X-Force ID: 19402 CVE-2005-0467