Vulnerabilities > CVE-2004-1440 - Unspecified vulnerability in Putty

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
putty
nessus

Summary

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200408-04.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200408-04 (PuTTY: Pre-authentication arbitrary code execution) PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact : When connecting to a server using the SSH2 protocol an attacker is able to execute arbitrary code with the permissions of the user running PuTTY by sending specially crafted packets to the client during the authentication process but before host key verification. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of PuTTY.
last seen2020-06-01
modified2020-06-02
plugin id14560
published2004-08-30
reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/14560
titleGLSA-200408-04 : PuTTY: Pre-authentication arbitrary code execution
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200408-04.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(14560);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-1440");
  script_xref(name:"GLSA", value:"200408-04");

  script_name(english:"GLSA-200408-04 : PuTTY: Pre-authentication arbitrary code execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200408-04
(PuTTY: Pre-authentication arbitrary code execution)

    PuTTY contains a vulnerability allowing a malicious server to execute
    arbitrary code on the connecting client before host key verification.
  
Impact :

    When connecting to a server using the SSH2 protocol an attacker is able
    to execute arbitrary code with the permissions of the user running
    PuTTY by sending specially crafted packets to the client during the
    authentication process but before host key verification.
  
Workaround :

    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version of PuTTY."
  );
  # http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.secureauth.com/?idx=417&idxseccion=10"
  );
  # http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200408-04"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All PuTTY users should upgrade to the latest version:
    # emerge sync
    # emerge -pv '>=net-misc/putty-0.55'
    # emerge '>=net-misc/putty-0.55'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:putty");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/putty", unaffected:make_list("ge 0.55"), vulnerable:make_list("le 0.54"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PuTTY");
}