Mailinglist Archive
| SECURITY HOLE, fixed in PuTTY 0.55
|
| From: | Joe Klemmer |
| Date: | Wed, 04 Aug 2004 13:50:43 -0400
|
I know that many people use PuTTY for ssh connections. It's probably a
good idea to upgrade.
2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55
PuTTY 0.55, released today, fixes a serious security hole which may
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.55 as soon as possible.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
--
Joe Klemmer
Unix System/Network Administrator & Ad Hoc Programmer