Vulnerabilities > CVE-2004-1008 - Remote SSH2_MSG_DEBUG Buffer Overflow vulnerability in PuTTY

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
putty
tortoisecvs
critical
nessus

Summary

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200410-29.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200410-29 (PuTTY: Pre-authentication buffer overflow) PuTTY fails to do proper bounds checking on SSH2_MSG_DEBUG packets. The
last seen2020-06-01
modified2020-06-02
plugin id15581
published2004-10-28
reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/15581
titleGLSA-200410-29 : PuTTY: Pre-authentication buffer overflow