On Monday 16 August 2004 03:52 pm, stheg olloydson 
> Hello,
> Sorry for the completely OT post, but I saw two mentions of PuTTY in
> one day on the list and assume it must be a popular piece of Windows
> software.

It is written for *nix and win32, and it has an MIT license.

> The SANS Institute "@Risk" newsletter dated 8AUG04 contains 
> the following item regarding PuTTY:
> 04.31.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: PuTTY Remote Buffer Overflow
> Description: PuTTY is a free Telnet and SSH client. It has been
> reported that PuTTY is subject to a pre-authentication buffer
> overflow that can allow malicious servers to execute code on a client
> machine as it attempts to negotiate connection. PuTTY 0.54 and
> previous versions are vulnerable.
> Ref:
> http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10

You forgot to include this (from the link above):

*Solution/Vendor Information/Workaround:*

PuTTY 0.55 fixes these vulnerabilities. It is available at: 

PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as 

The latest PuTTY version in ports is 0.55.

- jt
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to