ID CVE-2015-5309
Summary Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
References
Vulnerable Configurations
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Putty 0.65
    cpe:2.3:a:simon_tatham:putty:0.65
CVSS
Base: 4.3 (as of 14-06-2016 - 14:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-01 (PuTTY: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details. Impact : Stack-based buffer overflow in the SCP command-line utility allows remote servers to execute arbitrary code or cause a denial of service condition via a crafted SCP-SINK file-size response to an SCP download request. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-10
    plugin id 91478
    published 2016-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91478
    title GLSA-201606-01 : PuTTY: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3409.NASL
    description A memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence was discovered in PuTTY's terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87163
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87163
    title Debian DSA-3409-1 : putty - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-5AD4A1F151.NASL
    description This is a new version of putty. ---- This is an update fixing integer overflow and buffer underrun in erase characters (ECH) handling. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89247
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89247
    title Fedora 22 : putty-0.66-1.fc22 (2015-5ad4a1f151)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-347.NASL
    description It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution. For the oldoldstable distribution (squeeze), this problem has been fixed in version 0.60+2010-02-20-1+squeeze4. For the oldstable (wheezy) and stable (jessie) distributions, this problem will be fixed soon. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 87068
    published 2015-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87068
    title Debian DLA-347-1 : putty security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-766.NASL
    description PuTTY was updated to 0.66 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-5309: Malicious ECH control sequences could have caused an integer overflow, buffer underrun in terminal emulator bnc#954191 Also contains all bug fixes up to the 0.66 release.
    last seen 2019-02-21
    modified 2015-12-09
    plugin id 86924
    published 2015-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86924
    title openSUSE Security Update : putty (openSUSE-2015-766)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-3D17682C15.NASL
    description This is a new version of putty. ---- This is an update fixing integer overflow and buffer underrun in erase characters (ECH) handling. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89220
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89220
    title Fedora 23 : putty-0.66-1.fc23 (2015-3d17682c15)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0CB0AFD986B811E5BF60080027EF73EC.NASL
    description Ben Harris reports : Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal stream. For a PuTTY SSH session, this must be before encryption, so the attacker likely needs access to the server you're connecting to. For instance, an attacker on a multi-user machine that you connect to could trick you into running cat on a file they control containing a malicious escape sequence. (Unix write(1) is not a vector for this, if implemented correctly.) Only PuTTY, PuTTYtel, and pterm are affected; other PuTTY tools do not include the terminal emulator, so cannot be exploited this way.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 86805
    published 2015-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86805
    title FreeBSD : PuTTY -- memory corruption in terminal emulator's erase character handling (0cb0afd9-86b8-11e5-bf60-080027ef73ec)
refmap via4
confirm http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
debian DSA-3409
fedora
  • FEDORA-2015-3d17682c15
  • FEDORA-2015-5ad4a1f151
gentoo GLSA-201606-01
sectrack 1034308
suse openSUSE-SU-2015:2023
Last major update 07-12-2016 - 13:16
Published 07-12-2015 - 15:59
Last modified 30-10-2018 - 12:27