Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Serious Security Hole in PuTTY, Fixed

Posted by timothy on from the fixation-nation dept.

Markaci writes "You may recall recently upgrading PuTTY. There is a new version, released 2004-10-26, which fixes a very similar security hole. The bug can allow servers that you think you can trust to execute code on the PuTTY client, even before you verify the hosts key while connecting using SSH2. You can be attacked before you know that you have connected to the wrong machine. Upgrade to version 0.56 now."

2 of 30 comments (clear)

  1. Re:Amazing by Anonymous Coward · · Score: 1, Informative

    Posts to slashdot and studies the moderation of his comments in GREAT DETAIL. I only notcied this as I was checking his post history to see if he was a troll before I took the bait and replied to a comment of his in a different story. I did not bite.

  2. Re:Latest version by irc.goatse.cx+troll · · Score: 2, Informative

    Thats nice if you want a trojaned ssh client. The rest of use just google I'm feeling lucky "putty.exe".

    If you don't believe me that its trojaned, scan it in any current antivirus software -- It submits your password via some custom protocol via the same port RealMedia uses. Nice try, script kiddie.

    --
    Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx