ID CVE-2004-1008
Summary Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
    cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:tortoisecvs:tortoisecvs:1.8:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 11549
bugtraq 20041027 PuTTY SSH client vulnerability
confirm
gentoo GLSA-200410-29
idefense 20041027 PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability
secunia
  • 12987
  • 13012
  • 17214
xf putty-ssh2msgdebug-bo(17886)
Last major update 11-07-2017 - 01:30
Published 10-01-2005 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top