
Serious Security Hole In PuTTY

Tim 'gk^' Nilimaa writes "A serious security hole has been found in PuTTY, version 0.54 and before. Simon Tatham and his fellows released PuTTY 0.55 on 2004-08-03 which solves this bug. The bug may allow servers to use PuTTY to act as a machine that you trust, even before you verify the host's key while connecting using SSH2. An attack could be a fact before you know that you have connected to the wrong machine. I (and they) say: upgrade to PuTTY 0.55 - now."

  • Clarification (Score:5, Informative)

    by SpaceLifeForm ( 228190 ) on Wednesday August 04, 2004 @08:48AM (#9877842)
    It's the server that you think you can trust that can execute code on your Putty client.

    The writeup is not clear:

    The bug may allow servers to use PuTTY to act as a machine that you trust,...

    Well, of course you trust your client machine.

  • Re:PuTTY tip (Score:5, Informative)

    by Anonymous Coward on Wednesday August 04, 2004 @09:02AM (#9877955)
    Open Putty, Category -> Connection -> SSH -> Tunnels.

    In the port forwarding section, add new forwarded port.

    Pick a source port. Any port will work, but 1080 is the standard for socks 5 proxies. Leave Destination blank, and choose Dynamic (instead of Local or Remote). Click the add button, and you should see D1080 listed in the box.

    Okay, now you can save your session and start it.

    In applications you can go into their connection settings section and set localhost, port 1080 as the SOCKS host. The application will then tunnel everything through your SSH connection.
  • by Col. Klink (retired) ( 11632 ) on Wednesday August 04, 2004 @10:06AM (#9878530)
    This exploit attacks a client as it connects to a server. Seeing ssh chatter in your logs means someone is trying to exploit your server.

  • by Anonymous Coward on Wednesday August 04, 2004 @10:59AM (#9879035)
    Yes, it's an unbelievably lame script that scans for open SSH ports and then tries to login using "guest" and "test". I bet the 31337 script kiddie who put it together is creaming himself from all the attention it's getting.

    Hint - if you get hacked by this, you probably deserve it.

    It's been thoroughly analysed and doesn't use any exploits old or new. Think of it as an automated retard hunter.
  • Mirrors (Score:3, Informative)

    by MikeSweetser ( 163852 ) * on Wednesday August 04, 2004 @11:09AM (#9879127) Homepage
    It appears the main PuTTY site has been Slashdotted: here's a few more links:

    http://putty.obengelb.de/ [obengelb.de]
    http://www.puttyssh.org/ [puttyssh.org]
    http://putty.activalink.net/ [activalink.net]

    And a nice mirrors list. [obengelb.de]

    Mike
  • Re:Putty Question (Score:3, Informative)

    by Gigs ( 127327 ) on Wednesday August 04, 2004 @11:38AM (#9879455) Homepage Journal
    Thanks... found AutoHotKey [autohotkey.com] while searching for Macro Express and it can be set up to do just what I need.

    THANK YOU, THANK YOU, THANK YOU!!!

  • Re:PuTTY tip (Score:1, Informative)

    by Anonymous Coward on Wednesday August 04, 2004 @11:41AM (#9879494)
    Isn't this only useful if the place you are sshing to can get out on the ports you want to use your app for?

    Yes, but a lot of servers don't restrict outgoing ports, or it may be YOUR remote server, and you can do what you want with it.

    Also the only encryption is between you and the box not from the box out to tinternet.

    True, but again, you may be more concerned about your connection from A -> B than from B -> C, especially if A -> B is work/wireless/whatever. At work all people would see is a single connection on port 22, which you could even move to make it look less like SSH.
  • Seriously though (Score:5, Informative)

    by GigsVT ( 208848 ) on Wednesday August 04, 2004 @11:51AM (#9879598) Journal
    Does anyone really do anything other than just blindly hit "yes" when presented with a new host identification string?

    Even with strict checking on, most of us are used to blowing records out of known hosts files when they don't match, due to system upgrades causing the old records to be invalid all the time.
  • by mikehoskins ( 177074 ) on Wednesday August 04, 2004 @03:48PM (#9882077)
    I don't know if it's been posted yet, otherwise mod me down as redundant -- I am prepared for your wrath.

    What about WinSCP, which used PuTTY DLLs?
  • Re:config files? (Score:2, Informative)

    by 5amTheButcher ( 720031 ) <the5ambutcher@gmail.com> on Wednesday August 04, 2004 @03:54PM (#9882128) Homepage Journal
    Have you tried reading the FAQ? [greenend.org.uk]

    I mean, it's really not *that* hard.
  • Config file export (Score:3, Informative)

    by orn ( 34773 ) on Wednesday August 04, 2004 @04:06PM (#9882231)
    Thanks for the link.

    You can export the settings using RegEdit

    Start->Run->regedit
    Select the SimonTatham key
    File->Export
    Save the section on your USB key

    On a new machine you can just double click on the .reg file and import all keys into the new machine.

    Does anyone see any problems with this? Perhaps, you should be sure to _not_ take the RandomSeed key, since you'd like to have more randomness...

    Orn

    From the FAQ:

    A.5.2 Where does PuTTY store its data?

    On Windows, PuTTY stores most of its data (saved sessions, SSH host keys) in the Registry. The precise location is

    HKEY_CURRENT_USER\Software\SimonTatham\PuTTY

    and within that area, saved sessions are stored under Sessions while host keys are stored under SshHostKeys.

    PuTTY also requires a random number seed file, to improve the unpredictability of randomly chosen data needed as part of the SSH cryptography. This is stored by default in your Windows home directory (%HOMEDRIVE%\%HOMEPATH%), or in the actual Windows directory (such as C:\WINDOWS) if the home directory doesn't exist, for example if you're using Win95. If you want to change the location of the random number seed file, you can put your chosen pathname in the Registry, at

    HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\RandSeedFile

    On Unix, PuTTY stores all of this data in a directory ~/.putty.
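
An added example, not part of the comment above or of PuTTY itself: a filter for an exported .reg file that leaves out the RandSeedFile pathname value and lists the saved sessions and SshHostKeys entries, since imported host keys are trusted on the new machine without a prompt. The sample export, host names and the `filter_export` helper are constructed for illustration; real regedit exports are UTF-16 and must be decoded to text first.

```python
import re

BASE = r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY]
"RandSeedFile"="C:\\Documents and Settings\\alice\\PUTTY.RND"

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\build-box]
"HostName"="build.example.org"
"PortNumber"=dword:00000016

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:build.example.org"="0x23,0xc0ffee"
'''

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def filter_export(text, drop_values=("RandSeedFile",)):
    """Return (filtered .reg text, session names, host-key entry names)."""
    kept, sessions, host_keys = [], [], []
    section = ""
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            prefix = BASE + "\\Sessions\\"
            if section.startswith(prefix):
                sessions.append(section[len(prefix):])
            kept.append(line)
            continue
        v = VALUE.match(line)
        if v:
            name = v.group(1)
            if section == BASE and name in drop_values:
                continue  # machine-specific seed file path: leave it behind
            if section == BASE + "\\SshHostKeys":
                host_keys.append(name)  # review these before importing
        kept.append(line)
    return "\n".join(kept) + "\n", sessions, host_keys


if __name__ == "__main__":
    filtered, sessions, host_keys = filter_export(SAMPLE_REG)
    print("sessions:", sessions)
    print("host keys carried over:", host_keys)
    print(filtered)
```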

  • by orn ( 34773 ) on Wednesday August 04, 2004 @04:11PM (#9882293)
    Hmm.. further exploration found an alternative method for doing this here:

    http://www.tartarus.org/~simon/puttydoc/Chapter4.html#S4.21 [tartarus.org]

  • by Rich ( 9681 ) on Wednesday August 04, 2004 @07:08PM (#9884164) Homepage
    Someone has been brute forcing ssh passwords - this is likely to be what you're seeing. Check out isc.incidents.org for details.
  • by Simon Tatham ( 66941 ) on Thursday August 05, 2004 @10:56AM (#9888966) Homepage
    That's true, we didn't mention that anywhere, did we?

    We were notified of the problem six days before the 0.55 release went out. I'd have liked to get it turned around faster than that, but it took me a few days of bouncing email back and forth to get a coherent description of one of the two problems (the less important one, as it turned out).

    But of course you've only got my word for that...
