Slashdot Mirror


Another Serious Security Hole in PuTTY, Fixed

Markaci writes "You may recall recently upgrading PuTTY. There is a new version, released 2004-10-26, which fixes a very similar security hole. The bug can allow servers that you think you can trust to execute code on the PuTTY client, even before you verify the host's key while connecting using SSH2. You can be attacked before you know that you have connected to the wrong machine. Upgrade to version 0.56 now."


  1. Re:Amazing by Westley · Score: 4, Interesting

    While in general I agree that bugfixing tends to be fast in free software, I think PuTTY is a particularly exceptional case.

    This is because Simon (and the rest of the PuTTY team, I suspect) basically won't sleep knowing there's a significant security flaw.

    Considering this started off as just a way of getting a reasonable terminal emulator for Windows for personal use, I'm always amazed at how widespread PuTTY has become. Then again, it's a cracking piece of software.

    I used to use the fact that Tim Curry played Monopoly with my dad when they were kids as my kudos-by-proxy. Now it's being mates with Simon :)