Mirrors | Updates | Feedback | Changes | Wishlist | Team
PuTTY 0.53 and earlier are vulnerable to the attack described in CERT advisory CA-2002-36 "Multiple Vulnerabilities in SSH Implementations" (also VU#389665). This vulnerability is believed to be fixed in 0.53b (released Nov 12, 2002).
Certain well-chosen malformed or unusual packets can lead to remote code execution attacks. See the Rapid7 advisory and their SSHredder test suite for details.
I-Proyectos has released a proof-of-concept exploit to BugTraq.
CVE have assigned the following candidate IDs to the vulnerabilities tested for by SSHredder:
Audit trail for this vulnerability.