Brad Bendily wrote:
> FYI: This notice comes from the Bugtraq list.
>
> From http://www.chiark.greenend.org.uk/~sgtatham/putty/
>
> ======================================================================
>
> 2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56
>
> PuTTY 0.56, released today, fixes a serious security hole which can
> allow a server to execute code of its choice on a PuTTY client
> connecting to it. In SSH2, the attack can be performed before host key
> verification, meaning that even if you trust the server you think you
> are connecting to, a different machine could be impersonating it and
> could launch the attack before you could tell the difference. We
> recommend everybody upgrade to 0.56 as soon as possible.
>
> That's two really bad holes in three months. I'd like to apologise to
> all our users for the inconvenience.
>
> ======================================================================
>
Thanks for the heads up there... I'll need to make sure that rsync on
my PuTTY mirror grabbed the newest version.
Jeremy
___________________
Nolug mailing list
nolug@nolug.org
Received on 10/28/04