CVSS2 : 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
AI Score : 9.3 High (Confidence: High)
EPSS : 0.021 Low (Percentile: 89.3%)
Package : putty
Version : 0.60+2010-02-20-1+squeeze4
CVE ID : CVE-2015-5309
It was discovered that PuTTY's terminal emulator did not properly
validate the parameter to the ECH (erase characters) control sequence,
allowing a denial of service and possibly remote code execution.
For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.60+2010-02-20-1+squeeze4.
For the oldstable (wheezy) and stable (jessie) distributions, this
problem will be fixed soon.
--
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | putty-tools | < 0.60+2010-02-20-1+squeeze4 | putty-tools_0.60+2010-02-20-1+squeeze4_amd64.deb |
Debian | 6 | i386 | putty-tools | < 0.60+2010-02-20-1+squeeze4 | putty-tools_0.60+2010-02-20-1+squeeze4_i386.deb |
Debian | 6 | amd64 | putty | < 0.60+2010-02-20-1+squeeze4 | putty_0.60+2010-02-20-1+squeeze4_amd64.deb |
Debian | 6 | all | putty | < 0.60+2010-02-20-1+squeeze4 | putty_0.60+2010-02-20-1+squeeze4_all.deb |
Debian | 6 | i386 | putty | < 0.60+2010-02-20-1+squeeze4 | putty_0.60+2010-02-20-1+squeeze4_i386.deb |
Debian | 6 | all | putty-doc | < 0.60+2010-02-20-1+squeeze4 | putty-doc_0.60+2010-02-20-1+squeeze4_all.deb |
Debian | 6 | i386 | pterm | < 0.60+2010-02-20-1+squeeze4 | pterm_0.60+2010-02-20-1+squeeze4_i386.deb |
Debian | 6 | amd64 | pterm | < 0.60+2010-02-20-1+squeeze4 | pterm_0.60+2010-02-20-1+squeeze4_amd64.deb |