Vulnerabilities > CVE-2004-1440 - Unspecified vulnerability in Putty

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

putty

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

Vulnerable Configurations

Part	Description	Count
Application	Putty Putty Putty 0.48 Putty Putty 0.49 Putty Putty 0.50 Putty Putty 0.51 Putty Putty 0.52 Putty Putty 0.53 Putty Putty 0.53B Putty Putty 0.54	8

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200408-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-200408-04 (PuTTY: Pre-authentication arbitrary code execution) PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact : When connecting to a server using the SSH2 protocol an attacker is able to execute arbitrary code with the permissions of the user running PuTTY by sending specially crafted packets to the client during the authentication process but before host key verification. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of PuTTY.
last seen	2020-06-01
modified	2020-06-02
plugin id	14560
published	2004-08-30
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/14560
title	GLSA-200408-04 : PuTTY: Pre-authentication arbitrary code execution
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200408-04. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14560); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-1440"); script_xref(name:"GLSA", value:"200408-04"); script_name(english:"GLSA-200408-04 : PuTTY: Pre-authentication arbitrary code execution"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200408-04 (PuTTY: Pre-authentication arbitrary code execution) PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact : When connecting to a server using the SSH2 protocol an attacker is able to execute arbitrary code with the permissions of the user running PuTTY by sending specially crafted packets to the client during the authentication process but before host key verification. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of PuTTY." ); # http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 script_set_attribute( attribute:"see_also", value:"https://www.secureauth.com/?idx=417&idxseccion=10" ); # http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html script_set_attribute( attribute:"see_also", value:"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200408-04" ); script_set_attribute( attribute:"solution", value: "All PuTTY users should upgrade to the latest version: # emerge sync # emerge -pv '>=net-misc/putty-0.55' # emerge '>=net-misc/putty-0.55'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:putty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/putty", unaffected:make_list("ge 0.55"), vulnerable:make_list("le 0.54"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PuTTY"); }

Summary

Vulnerable Configurations

Nessus

References