CVE-2024-31497

PuTTY versions 0.68–0.80 (before 0.81) are vulnerable to a biased ECDSA nonce issue that can enable an attacker to recover a user’s NIST P-521 private key after observing signatures. The CVE is discussed in multiple advisories and vendor notices (Debian LTS advisory DLA-3839-1, Fedora package upd...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

PT-2024-2774

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.68 through 0.80 FileZilla versions 3.24.1 through 3.66.5 WinSCP versions 5.9.5 through 6.3.2 TortoiseGit versions 2.4.0.2 through 2.15.0 TortoiseSVN versions 1.10.0 through 1.14.6 Description The issue is related to biased ECD...

KLA65600 OSI vulnerability in FileZilla

Information disclosure vulnerability was found in FileZilla. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories oss-security – CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Exploitation...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...

PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key

Simon Tatham reports: ECDSA signatures using 521-bit keys the NIST P521 curve, otherwise known as ecdsa-sha2-nistp521 were generated with biased random numbers. This permits an attacker in possession of a few dozen signatures to RECOVER THE PRIVATE KEY. Any 521-bit ECDSA private key that PuTTY or...

EulerOS Virtualization 2.9.1 : openssh (EulerOS-SA-2024-1460)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.9.0 : libssh2 (EulerOS-SA-2024-1470)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1345)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : libssh2 (EulerOS-SA-2024-1217)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

EulerOS 2.0 SP11 : libssh2 (EulerOS-SA-2024-1239)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1317)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

Mageia: Security Advisory (MGASA-2024-0034)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0034 Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, and screen captures" from infected systems...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle, jsch (SUSE-SU-2024:0327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0327-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

Fedora 39 : prometheus-podman-exporter (2024-a53b24023d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a53b24023d advisory. Security fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...