Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 39 : filezilla / libfilezilla (2024-8401d42de6)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8401d42de6 advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Biased ECDSA Nonce Generation

PuTTYis vulnerable to biased ECDSA nonce generation. The vulnerability is due to biased ECDSA nonce generation, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is particularly significant in scenarios where an adversary can re...

PuTTY < 0.81 Key Recovery Attack Vulnerability

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

SUSE CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

DEBIAN-CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

CVE-2024-31497

PuTTY versions 0.68–0.80 (before 0.81) are vulnerable to a biased ECDSA nonce issue that can enable an attacker to recover a user’s NIST P-521 private key after observing signatures. The CVE is discussed in multiple advisories and vendor notices (Debian LTS advisory DLA-3839-1, Fedora package upd...

[SECURITY] Fedora 40 Update: jsch-agent-proxy-0.0.8-25.fc40

jsch-agent-proxy is a proxy program to OpenSSH ssh-agent and Pageant included Putty. It will be easily integrated into JSch, and users will be allowed to use those programs in authentications. This software has been developed for JSch, but it will be easily applicable to other ssh2 implementation...

OPENSUSE-SU-2019:2017-1 Recommended update for putty

This update for putty fixes the following issues: Update to new upstream release 0.72 boo1144547, boo1144548 Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFTP and...

PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client

Simon Tatham reports: Vulnerabilities fixed in this release include: A malicious SSH-1 server could trigger a buffer overrun by sending extremely short RSA keys, or certain bad packet length fields. Either of these could happen before host key verification, so even if you trust the server you...

Forward SSH Agent Requests To Remote Pageant

This module forwards SSH agent requests from a local socket to a remote Pageant instance. If a target Windows machine is compromised and is running Pageant, this will allow the attacker to run normal OpenSSH commands e.g. ssh-add -l against the Pageant host which are tunneled through the...

PuTTY Saved Sessions Enumeration Module

This module will identify whether Pageant PuTTY Agent is running and obtain saved session information from the registry. PuTTY is very configurable; some users may have configured saved sessions which could include a username, private key file to use when authenticating, host name etc. If a priva...

PuTTY v.0.61 New Version released After 4 years

PuTTY v.0.61 New Version released After 4 years After four Years, Putty's New version finally Released today.Here are the PuTTY files themselves: PuTTY the Telnet and SSH client itself PSCP an SCP client, i.e. command-line secure file copy PSFTP an SFTP client, i.e. general file transfer sessions...