The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html | Third Party Advisory |
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/97156 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038067 | |
https://git.tartarus.org/?p=simon/putty.git%3Ba=commitdiff%3Bh=4ff22863d895cb7ebfced4cf923a012a614adaa8 | |
https://security.gentoo.org/glsa/201703-03 | Third Party Advisory VDB Entry |
https://security.gentoo.org/glsa/201706-09 | |
https://www.exploit-db.com/exploits/42137/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-03-27T17:00:00
Updated: 2017-08-12T09:57:01
Reserved: 2017-03-08T00:00:00
Link: CVE-2017-6542
JSON object: View
NVD Information
Status : Modified
Published: 2017-03-27T17:59:00.850
Modified: 2023-11-07T02:49:56.587
Link: CVE-2017-6542
JSON object: View
Redhat Information
No data.
CWE