14 matches found
Debian: Security Advisory (DLA-173-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PuTTY Information Disclosure vulnerability (Mar 2015) - Windows
PuTTY is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:putty:putty";...
CVE-2015-2157
The 1 ssh2loaduserkey and 2 ssh2saveuserkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory...
CVE-2015-2157
PuTTY local memory disclosure vulnerability (CVE-2015-2157) affects PuTTY 0.51–0.63 where SSH-2 private keys are not properly wiped from memory after loading/saving, enabling local attackers to read sensitive key material. Impact is local, with partial confidentiality impact as per NVD metrics; n...
KLA11444 OSI vulnerability in PuTTY
Information exposure vulnerability was found in PuTTY. Malicious users can exploit this vulnerability locally to obtain sensitive information. Original advisories PuTTY vulnerability private-key-not-wiped-2 Related products PuTTY CVE list CVE-2015-2157 warning Solution Update to the latest versio...
Debian DLA-173-1 : putty security update
MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connection to be established in the event of a server weakness. 779488 CVE-2015-2157 Patrick Coleman...
[SECURITY] [DSA 3190-1] putty security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3190-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 15, 2015 http://www.debian.org/security/faq -...
Fedora 20 : putty-0.64-1.fc20 (2015-3204)
Fixed an issue when private keys weren't scrub from memory after use. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 22 : putty-0.64-1.fc22 (2015-3070)
Fixed an issue when private keys weren't scrub from memory after use. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 21 : putty-0.64-1.fc21 (2015-3160)
Fixed an issue when private keys weren't scrub from memory after use. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
[SECURITY] [DLA 173-1] putty security update
Package : putty Version : 0.60+2010-02-20-1+squeeze3 CVE ID : CVE-2015-2157 Debian Bug : 779488 MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connectio...
MGASA-2015-0098 Updated putty and filezilla packages fix CVE-2015-2157
Updated putty and filezilla packages fix security vulnerability: PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted...
Updated putty and filezilla packages fix CVE-2015-2157
Updated putty and filezilla packages fix security vulnerability: PuTTY suite versions 0.51 to 0.63 fail to clear SSH-2 private key information from memory when loading and saving key files to disk, leading to potential disclosure. The issue affects keys stored on disk in encrypted and unencrypted...
PuTTY < 0.64 Multiple Information Disclosure Vulnerabilities
The remote host has a version of PuTTY installed that is prior to 0.64. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to clear SSH-2 private key information from the memory during the saving or loading of key files to...