Bugtraq mailing list archives
Re: [IPS] PUTTY SSH-Client Exploit
From: Owen Dunn <owend () chiark greenend org uk>
Date: 04 Jan 2003 23:22:55 +0000
Daniel Alcántara de la Hoz <seguridad () iproyectos net> writes:
In December 16, 2002 Rapid 7.Inc released a security alert about vulnerabilities in ssh2 implementations from multiple vendors. We have used the concept to code this exploit/proof of concept. It's a fake server to exploit the putty client. To test it you need to change the url in the shellcode; that file will be downloaded and run on exploitation.
I should point out that the vulnerabilities uncovered by Rapid 7 were fixed in PuTTY 0.53b, released on November 12th 2002. (S) (PuTTY team member)
Current thread:
- Re: [IPS] PUTTY SSH-Client Exploit Owen Dunn (Jan 04)