PuTTY has come back with its latest version which has amazing abilities. The new released PuTTY has got security patches which can be used for 8 severity security vulnerabilities. PuTTY is known worldwide for its popular SSH client program. The surprise simply doesn’t end there. The developer of PuTTY has brought us the latest version of Unix Operating systems and 0.71 for windows just after 20 months of releasing the new version of its software. The previous software was found quite risky to all the multiple security systems which pave way for malicious server to hijack client’s stem in various ways.
A list of 8 vulnerabilities is shown to you with short information that PuTTY 0.71 has patched:
- Fake Authentication Prompt- The software PuTTY has no way to discover if a certain terminal output is genuine or not and thus a malicious server can easily try a fake authentication from the client side making the victims enter their private key by themselves.
- Overflow Buffer for Unix PuTTY Tools- The input files descriptor that is collected while monitoring all the collections from active Unix file goes unchecked by PuTTY. This leads to a heavy buffer overflow.
- The Integer Overflow- An integral overflow can be the result of sending a short RSA key which will trigger a great amount of vulnerability and uncontrollable overwriting memory.
- CHM Hijacking with Code Execution- The attacker finds a new way to trick the user into making them execute malicious code on the system with the help of hijacking CHM file. All the user has to do is go for online help via the PuTTY GUI tools. The software does its work in locating the file and also creating its own executable at the same time.
- Repetition of Cryptographic Random Numbers- The issue rises for the way the same batch of random bytes is used twice.
6, 7 and 8) The DoS Attacks- The last three vulnerabilities in PuTTY include the server to crash and also slow down client’s terminal.
The second Dos attack comes with a multiple trigger with sending an odd number of terminal columns, 2 characters width used by Chinese, the terminal emulator of PuTTY might also be forced to crash. This is advisable for all that while buying the PuTTY software it will be wise to make sure it is the latest version or else one might face such vulnerabilities shown above.