CVE-2016-2563 – Putty pscp 0.66 - Stack Buffer Overwrite
https://notcve.org/view.php?id=CVE-2016-2563
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. Desbordamiento de buffer basado en pila en la utilidad comando-línea de SCP en PuTTY en versiones anteriores a 0.67 y KiTTY 0.66.6.3 y versiones anteriores permite a servidores remotos causar una denegación de servicio (corrupción de memoria de pila) o ejecutar código arbitrario a través de una respuesta de tamño de archivo SCP-SINK a una petición de descarga SCP. • https://www.exploit-db.com/exploits/39551 http://lists.opensuse.org/opensuse-updates/2016-05/msg00131.html http://seclists.org/fulldisclosure/2016/Mar/22 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html http://www.securityfocus.com/bid/84296 http://www.securitytracker.com/id/1035257 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563 https://security.gentoo.org/glsa/201606-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5309
https://notcve.org/view.php?id=CVE-2015-5309
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. Desbordamiento de entero en el emulador de terminal en PuTTY en versiones anteriores a 0.66 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de una secuencia de escape ECH (borrar caracteres) con un valor de parámetro grande, que desencadena un desbordamiento inferior de buffer. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html http://www.debian.org/security/2015/dsa-3409 http://www.securitytracker.com/id/1034308 https://security.gentoo.org/glsa/201606-01 • CWE-189: Numeric Errors •
CVE-2015-2157
https://notcve.org/view.php?id=CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html http://www.debian.org/security/2015/dsa& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4208
https://notcve.org/view.php?id=CVE-2013-4208
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. La función rsa_verify en PuTTY anterior a 0.63 (1) no limpia de memoria los procesos sensibles después de usarlos y (2)no libera determinadas estructuras que contienen procesos sensibles, lo que podría permitir a usuarios locales descubrir claves privadas RSA y DSA. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html http://secunia.com/advisories/54379 http://secunia.com/advisories/54533 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html http://www.debian.org/security/2013/dsa-2736 http://www.openwall.com/lists/oss-security/2013/08/06/11 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4207
https://notcve.org/view.php?id=CVE-2013-4207
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. Desbordamiento de búfer en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) a través de una firma DSA no válida que no es manejada adecuadamente durante el cálculo de un inverso modular que provoca el desbordamiento durante una división entre cero por la funcionalidad "bignum". Vulnerabilidad distinta de CVE-2013-4206. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html http://secunia.com/advisories/54379 http://secunia.com/advisories/54533 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html http://www.debian.org/security/2013/dsa-2736 http://www.openwall.com/lists/oss-security/2013/08/06/11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •