Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-1440
Last Modified: 05 Sep 2008 04:41:22
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1440

Summary

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

Vulnerable Systems

Application

  • PuTTY 0.48
  • PuTTY 0.49
  • PuTTY 0.50
  • PuTTY 0.51
  • PuTTY 0.52
  • PuTTY 0.53
  • PuTTY 0.53b
  • PuTTY 0.54

References

BID - 10850

GENTOO - GLSA-200408-04

SECUNIA - 12212

BUGTRAQ - 20040804 CORE-2004-0705: Vulnerabilities in PuTTY and PSCP

XF - putty-code-execution(16885)

CONFIRM - http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modpow.html

CONFIRM - http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html


Last Updated: 27 May 2016 10:39:02