Design/Logic Flaw

🗓️ 27 Mar 2015 14:59:00Reported by PRIOn knowledge baseType

ssh2_load_userkey and ssh2_save_userkey in PuTTY 0.51 through 0.63 have a logic flaw allowing local users to obtain sensitive information by reading memory

Reporter	Title	Published	Views	Family All 41
FreeBSD	PuTTY -- fails to scrub private keys from memory after use	28 Feb 201500:00	–	freebsd
ArchLinux	putty: information disclosure	2 Mar 201500:00	–	archlinux
CNVD	PuTTY Local Information Disclosure Vulnerability	11 Mar 201500:00	–	cnvd
CVE	CVE-2015-2157	27 Mar 201514:00	–	cve
Cvelist	CVE-2015-2157	27 Mar 201514:00	–	cvelist
Debian	[SECURITY] [DLA 173-1] putty security update	15 Mar 201518:12	–	debian
Debian	[SECURITY] [DSA 3190-1] putty security update	15 Mar 201519:50	–	debian
Debian CVE	CVE-2015-2157	27 Mar 201514:00	–	debiancve
Tenable Nessus	Debian DLA-173-1 : putty security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-3190-1 : putty - security update	17 Mar 201500:00	–	nessus

Source	Link
chiark	www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html
chiark	www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
openwall	www.openwall.com/lists/oss-security/2015/02/28/4
lists	www.lists.opensuse.org/opensuse-updates/2015-03/msg00032.html
openwall	www.openwall.com/lists/oss-security/2015/02/28/5
debian	www.debian.org/security/2015/dsa-3190
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html
securityfocus	www.securityfocus.com/bid/72825

21 Mar 2019 17:04Current

6Medium risk

Vulners AI Score6

EPSS0.00126