On Monday 16 August 2004 03:52 pm, stheg olloydson
<[EMAIL PROTECTED]> wrote:
> Sorry for the completely OT post, but I saw two mentions of PuTTY in
> one day on the list and assume it must be a popular piece of Windows
It is written for *nix and win32, and it has an MIT license.
> The SANS Institute "@Risk" newsletter dated 8AUG04 contains
> the following item regarding PuTTY:
> 04.31.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: PuTTY Remote Buffer Overflow
> Description: PuTTY is a free Telnet and SSH client. It has been
> reported that PuTTY is subject to a pre-authentication buffer
> overflow that can allow malicious servers to execute code on a client
> machine as it attempts to negotiate connection. PuTTY 0.54 and
> previous versions are vulnerable.
You forgot to include this (from the link above):
PuTTY 0.55 fixes these vulnerabilities. It is available at:
PuTTY maintainers recommend that everybody upgrade to 0.55 as soon as
The latest PuTTY version in ports is 0.55.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"