MitreCVE-2004-1008CVE-2004-1008
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
95.4%
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| putty | putty | 0.48 | cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:* |
| putty | putty | 0.49 | cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:* |
| putty | putty | 0.50 | cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:* |
| putty | putty | 0.51 | cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:* |
| putty | putty | 0.52 | cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:* |
| putty | putty | 0.53 | cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:* |
| putty | putty | 0.53b | cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:* |
| putty | putty | 0.54 | cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:* |
| putty | putty | 0.55 | cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:* |
| tortoisecvs | tortoisecvs | 1.8 | cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:* |
References
marc.info/?l=bugtraq&m=109889312917613&w=2
secunia.com/advisories/12987/
secunia.com/advisories/13012/
secunia.com/advisories/17214
www-1.ibm.com/support/docview.wss?uid=ssg1S1002414
www-1.ibm.com/support/docview.wss?uid=ssg1S1002416
www.chiark.greenend.org.uk/~sgtatham/putty/
www.gentoo.org/security/en/glsa/glsa-200410-29.xml
www.idefense.com/application/poi/display?id=155&type=vulnerabilities&flashstatus=true
www.securityfocus.com/bid/11549
exchange.xforce.ibmcloud.com/vulnerabilities/17886
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
95.4%