Vulnerabilities > CVE-2019-9894 - Key Management Errors vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

nessus

NVD

Published: 2019-03-21

Updated: 2023-11-07

Summary

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Vulnerable Configurations

Part	Description	Count
Application	Putty Putty Putty - Putty Putty 0.45 Putty Putty 0.46 Putty Putty 0.47 Putty Putty 0.48 Putty Putty 0.49 Putty Putty 0.50 Putty Putty 0.51 Putty Putty 0.52 Putty Putty 0.53 Putty Putty 0.53B Putty Putty 0.54 Putty Putty 0.55 Putty Putty 0.56 Putty Putty 0.57 Putty Putty 0.58 Putty Putty 0.59 Putty Putty 0.60 Putty Putty 0.61 Putty Putty 0.62 Putty Putty 0.63 Putty Putty 0.65 Putty Putty 0.66 Putty Putty 0.67 Putty Putty 0.68 Putty Putty 0.69 Putty Putty 0.70	28
Application	Netapp Netapp Oncommand Unified Manager -	1
OS	Fedoraproject Fedoraproject Fedora 28 Fedoraproject Fedora 29	2
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0	2
OS	Opensuse Opensuse Leap 15.0	1

Common Weakness Enumeration (CWE)

CWE-320 - Key Management Errors

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-5776DFE300.NASL
description	This is new version of putty. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	123139
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123139
title	Fedora 29 : putty (2019-5776dfe300)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-5776dfe300. # include("compat.inc"); if (description) { script_id(123139); script_version("1.4"); script_cvs_date("Date: 2020/02/03"); script_cve_id("CVE-2019-9894", "CVE-2019-9895", "CVE-2019-9897", "CVE-2019-9898"); script_xref(name:"FEDORA", value:"2019-5776dfe300"); script_name(english:"Fedora 29 : putty (2019-5776dfe300)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is new version of putty. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5776dfe300" ); script_set_attribute(attribute:"solution", value:"Update the affected putty package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:putty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"putty-0.71-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "putty"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1113.NASL
description	This update for putty fixes the following issues : Update to new upstream release 0.71 [boo#1129633] - CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification potential recycling of random numbers used in cryptography. - CVE-2019-9895: Fixed a remotely triggerable buffer overflow in any kind of server-to-client forwarding. - CVE-2019-9897: Fixed multiple denial-of-service attacks that can be triggered by writing to the terminal. - CVE-2019-9898: Fixed potential recycling of random numbers used in cryptography - CVE-2019-9896 (Windows only): Fixed hijacking by a malicious help file in the same directory as the executable - Major rewrite of the crypto code to remove cache and timing side channels.
last seen	2020-06-01
modified	2020-06-02
plugin id	123660
published	2019-04-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123660
title	openSUSE Security Update : putty (openSUSE-2019-1113)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1113. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(123660); script_version("1.2"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2019-9894", "CVE-2019-9895", "CVE-2019-9896", "CVE-2019-9897", "CVE-2019-9898"); script_name(english:"openSUSE Security Update : putty (openSUSE-2019-1113)"); script_summary(english:"Check for the openSUSE-2019-1113 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for putty fixes the following issues : Update to new upstream release 0.71 [boo#1129633] - CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification potential recycling of random numbers used in cryptography. - CVE-2019-9895: Fixed a remotely triggerable buffer overflow in any kind of server-to-client forwarding. - CVE-2019-9897: Fixed multiple denial-of-service attacks that can be triggered by writing to the terminal. - CVE-2019-9898: Fixed potential recycling of random numbers used in cryptography - CVE-2019-9896 (Windows only): Fixed hijacking by a malicious help file in the same directory as the executable - Major rewrite of the crypto code to remove cache and timing side channels." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129633" ); script_set_attribute( attribute:"solution", value:"Update the affected putty packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:putty"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:putty-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:putty-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"putty-0.71-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"putty-debuginfo-0.71-lp150.9.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"putty-debugsource-0.71-lp150.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "putty / putty-debuginfo / putty-debugsource"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4423.NASL
description	Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.
last seen	2020-06-01
modified	2020-06-02
plugin id	123692
published	2019-04-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123692
title	Debian DSA-4423-1 : putty - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4423. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(123692); script_version("1.2"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2019-9894", "CVE-2019-9895", "CVE-2019-9897", "CVE-2019-9898"); script_xref(name:"DSA", value:"4423"); script_name(english:"Debian DSA-4423-1 : putty - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/putty" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/putty" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4423" ); script_set_attribute( attribute:"solution", value: "Upgrade the putty packages. For the stable distribution (stretch), these problems have been fixed in version 0.67-3+deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:putty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"pterm", reference:"0.67-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"putty", reference:"0.67-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"putty-doc", reference:"0.67-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"putty-tools", reference:"0.67-3+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-9E1A1CD634.NASL
description	This is new version of putty fixing few security vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	123479
published	2019-03-29
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123479
title	Fedora 28 : putty (2019-9e1a1cd634)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-9e1a1cd634. # include("compat.inc"); if (description) { script_id(123479); script_version("1.4"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2019-9894", "CVE-2019-9895", "CVE-2019-9897", "CVE-2019-9898"); script_xref(name:"FEDORA", value:"2019-9e1a1cd634"); script_name(english:"Fedora 28 : putty (2019-9e1a1cd634)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is new version of putty fixing few security vulnerabilities. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e1a1cd634" ); script_set_attribute(attribute:"solution", value:"Update the affected putty package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:putty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"putty-0.71-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "putty"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1763.NASL
description	Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	124283
published	2019-04-25
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124283
title	Debian DLA-1763-1 : putty security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1763-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(124283); script_version("1.2"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2019-9894", "CVE-2019-9897", "CVE-2019-9898"); script_name(english:"Debian DLA-1763-1 : putty security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used. For Debian 8 'Jessie', these problems have been fixed in version 0.63-10+deb8u2. We recommend that you upgrade your putty packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00023.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/putty" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pterm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:putty"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:putty-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:putty-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"pterm", reference:"0.63-10+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"putty", reference:"0.63-10+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"putty-doc", reference:"0.63-10+deb8u2")) flag++; if (deb_check(release:"8.0", prefix:"putty-tools", reference:"0.63-10+deb8u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Windows
NASL id	PUTTY_071.NASL
description	The remote host has a version of PuTTY installed that is prior to 0.71. It is, therefore, affected by multiple vulnerabilities including: - A remotely triggerable buffer overflow in any kind of server-to-client forwarding. (CVE-2019-9895) - Potential recycling of random numbers used in cryptography. (CVE-2019-9898) - A remotely triggerable memory overwrite in RSA key exchange can occur before host key verification. (CVE-2019-9894)
last seen	2020-06-01
modified	2020-06-02
plugin id	123418
published	2019-03-27
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123418
title	PuTTY < 0.71 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123418); script_version("1.2"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id( "CVE-2019-9894", "CVE-2019-9895", "CVE-2019-9896", "CVE-2019-9897", "CVE-2019-9898" ); script_bugtraq_id( 107484, 107523 ); script_name(english:"PuTTY < 0.71 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PuTTY."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an SSH client that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host has a version of PuTTY installed that is prior to 0.71. It is, therefore, affected by multiple vulnerabilities including: - A remotely triggerable buffer overflow in any kind of server-to-client forwarding. (CVE-2019-9895) - Potential recycling of random numbers used in cryptography. (CVE-2019-9898) - A remotely triggerable memory overwrite in RSA key exchange can occur before host key verification. (CVE-2019-9894)"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-auth-prompt-spoofing.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc188a9c"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-chm-hijack.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd82820f"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e116cf63"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39988fba"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?50d03d73"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc4b5e69"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars-double-width-gtk.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d52aebfd"); # https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?819250a8"); script_set_attribute(attribute:"see_also", value:"http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"); script_set_attribute(attribute:"solution", value:"Upgrade to PuTTY version 0.71 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9895"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:simon_tatham:putty"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("putty_installed.nasl"); script_require_keys("installed_sw/PuTTY", "SMB/Registry/Enumerated"); exit(0); } include("vcf.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); app_info = vcf::get_app_info(app:"PuTTY", win_local:TRUE); constraints = [ { "fixed_version" : "0.71" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-2EDDAF40D0.NASL
description	This is new version of putty. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124483
published	2019-05-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124483
title	Fedora 30 : putty (2019-2eddaf40d0)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-2eddaf40d0. # include("compat.inc"); if (description) { script_id(124483); script_version("1.3"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2019-9894"); script_xref(name:"FEDORA", value:"2019-2eddaf40d0"); script_name(english:"Fedora 30 : putty (2019-2eddaf40d0)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is new version of putty. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2eddaf40d0" ); script_set_attribute(attribute:"solution", value:"Update the affected putty package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:putty"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"putty-0.71-1.fc30")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "putty"); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References