Lucene search

DebianDEBIAN:DLA-3794-1:3D856

HistoryApr 25, 2024 - 8:47 p.m.

[SECURITY] [DLA 3794-1] putty security update

2024-04-2520:47:44

lists.debian.org

ssh client

authentication vulnerability

cve-2019-17069

man-in-the-middle

terrapin attack

cve-2020-14002

cve-2021-36367

cve-2023-48795

putty

debian 10 buster

security update

information leak

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.5%

JSON

Debian LTS Advisory DLA-3794-1 [email protected]
https://www.debian.org/lts/security/ Bastien RoucariÃ¨s
April 25, 2024 https://wiki.debian.org/LTS

Package : putty
Version : 0.74-1+deb11u1~deb10u1
CVE ID : CVE-2019-17069 CVE-2020-14002 CVE-2021-36367 CVE-2023-48795
Debian Bug : 990901

Putty, a Telnet/SSH client for X, was vulnerable.

CVE-2019-17069

PuTTY allowed remote SSH-1 servers to cause a denial
of service by accessing freed memory locations via an
SSH1_MSG_DISCONNECT message.

CVE-2020-14002

PuTTY had an Observable Discrepancy leading to an
information leak in the algorithm negotiation.
This allowed man-in-the-middle attackers to target
initial connection attempts (where no host key for the
server has been cached by the client).

CVE-2021-36367

PuTTY proceeded with establishing an SSH session even
if it has never sent a substantive authentication response.
This made it easier for an attacker-controlled SSH server
to present a later spoofed authentication prompt (that the
attacker can use to capture credential data, and use that
data for purposes that are undesired by the client user).

CVE-2023-48795

PuTTY was vulnerable to Terrapin attack. The SSH transport
protocol with certain OpenSSH extensions, allowed remote attackers
to bypass integrity checks such that some packets are omitted (from
the extension negotiation message), and a client and server may
consequently end up with a connection for which some security
features have been downgraded or disabled. This occurs because the
SSH Binary Packet Protocol (BPP), implemented by these extensions,
mishandles the handshake phase and mishandles use of sequence
numbers. For example, there is an effective attack against SSH's
use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The
bypass occurs in chacha20-poly1305 and (if CBC is used)
the -etm MAC algorithms.

For Debian 10 buster, this problem has been fixed in version
0.74-1+deb11u1~deb10u1.

We recommend that you upgrade your putty packages.

For the detailed security status of putty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/putty

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12mipselputty-tools< 0.78-2+deb12u1putty-tools_0.78-2+deb12u1_mipsel.deb
Debian12mips64elopenssh-client-dbgsym< 1:9.2p1-2+deb12u2openssh-client-dbgsym_1:9.2p1-2+deb12u2_mips64el.deb
Debian12amd64openssh-client< 1:9.2p1-2+deb12u2openssh-client_1:9.2p1-2+deb12u2_amd64.deb
Debian11alldropbear-initramfs< 2020.81-3+deb11u1dropbear-initramfs_2020.81-3+deb11u1_all.deb
Debian12i386libssh-4-dbgsym< 0.10.6-0+deb12u1libssh-4-dbgsym_0.10.6-0+deb12u1_i386.deb
Debian12i386proftpd-mod-odbc-dbgsym< 1.3.8+dfsg-4+deb12u3proftpd-mod-odbc-dbgsym_1.3.8+dfsg-4+deb12u3_i386.deb
Debian12ppc64elproftpd-mod-pgsql-dbgsym< 1.3.8+dfsg-4+deb12u3proftpd-mod-pgsql-dbgsym_1.3.8+dfsg-4+deb12u3_ppc64el.deb
Debian12mips64elopenssh-server< 1:9.2p1-2+deb12u2openssh-server_1:9.2p1-2+deb12u2_mips64el.deb
Debian12s390xssh-askpass-gnome-dbgsym< 1:9.2p1-2+deb12u2ssh-askpass-gnome-dbgsym_1:9.2p1-2+deb12u2_s390x.deb
Debian12armelopenssh-server< 1:9.2p1-2+deb12u2openssh-server_1:9.2p1-2+deb12u2_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	mipsel	putty-tools	< 0.78-2+deb12u1	putty-tools_0.78-2+deb12u1_mipsel.deb
Debian	12	mips64el	openssh-client-dbgsym	< 1:9.2p1-2+deb12u2	openssh-client-dbgsym_1:9.2p1-2+deb12u2_mips64el.deb
Debian	12	amd64	openssh-client	< 1:9.2p1-2+deb12u2	openssh-client_1:9.2p1-2+deb12u2_amd64.deb
Debian	11	all	dropbear-initramfs	< 2020.81-3+deb11u1	dropbear-initramfs_2020.81-3+deb11u1_all.deb
Debian	12	i386	libssh-4-dbgsym	< 0.10.6-0+deb12u1	libssh-4-dbgsym_0.10.6-0+deb12u1_i386.deb
Debian	12	i386	proftpd-mod-odbc-dbgsym	< 1.3.8+dfsg-4+deb12u3	proftpd-mod-odbc-dbgsym_1.3.8+dfsg-4+deb12u3_i386.deb
Debian	12	ppc64el	proftpd-mod-pgsql-dbgsym	< 1.3.8+dfsg-4+deb12u3	proftpd-mod-pgsql-dbgsym_1.3.8+dfsg-4+deb12u3_ppc64el.deb
Debian	12	mips64el	openssh-server	< 1:9.2p1-2+deb12u2	openssh-server_1:9.2p1-2+deb12u2_mips64el.deb
Debian	12	s390x	ssh-askpass-gnome-dbgsym	< 1:9.2p1-2+deb12u2	ssh-askpass-gnome-dbgsym_1:9.2p1-2+deb12u2_s390x.deb
Debian	12	armel	openssh-server	< 1:9.2p1-2+deb12u2	openssh-server_1:9.2p1-2+deb12u2_armel.deb