2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Package : putty
Version : 0.60+2010-02-20-1+squeeze3
CVE ID : CVE-2015-2157
Debian Bug : 779488
MATTA-2015-002
Florent Daigniere discovered that PuTTY did not enforce an
acceptable range for the Diffie-Hellman server value, as required by
RFC 4253, potentially allowing an eavesdroppable connection to be
established in the event of a server weakness.
#779488
CVE-2015-2157
Patrick Coleman discovered that PuTTY did not clear SSH-2 private
key information from memory when loading and saving key files, which
could result in disclosure of private key material.
–
Colin Watson [[email protected]]
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | i386 | pterm | < 0.62-9+deb7u2 | pterm_0.62-9+deb7u2_i386.deb |
Debian | 7 | all | putty-doc | < 0.62-9+deb7u2 | putty-doc_0.62-9+deb7u2_all.deb |
Debian | 7 | armhf | putty-tools | < 0.62-9+deb7u2 | putty-tools_0.62-9+deb7u2_armhf.deb |
Debian | 7 | mips | pterm | < 0.62-9+deb7u2 | pterm_0.62-9+deb7u2_mips.deb |
Debian | 7 | s390x | putty-tools | < 0.62-9+deb7u2 | putty-tools_0.62-9+deb7u2_s390x.deb |
Debian | 7 | ia64 | putty | < 0.62-9+deb7u2 | putty_0.62-9+deb7u2_ia64.deb |
Debian | 7 | amd64 | pterm | < 0.62-9+deb7u2 | pterm_0.62-9+deb7u2_amd64.deb |
Debian | 7 | sparc | putty | < 0.62-9+deb7u2 | putty_0.62-9+deb7u2_sparc.deb |
Debian | 7 | kfreebsd-i386 | putty-tools | < 0.62-9+deb7u2 | putty-tools_0.62-9+deb7u2_kfreebsd-i386.deb |
Debian | 7 | armel | putty | < 0.62-9+deb7u2 | putty_0.62-9+deb7u2_armel.deb |