Venerable SSH client PuTTY has received a pile of security patches, with its lead maintainer admitting to the The Register that one fixed a “‘game over’ level vulnerability”.
The fixes implemented on PuTTY over the weekend include new features plugging a plethora of vulns in the Telnet and SSH client, most of which were uncovered as part of an EU-sponsored HackerOne bug bounty.
Version 0.71 of PuTTY includes fixes for:
- A remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
- Potential recycling of random numbers used in cryptography
- On Windows, hijacking by a malicious help file in the same directory as the executable
- On Unix,
remotelytriggerable buffer overflow in any kind of server-to-client forwarding
- multiple denial-of-service attacks that can be triggered by writing to the terminal