SSH Client Updated To Fix a Large Number of Security Vulnerabilities

The free and open-source SSH client updated with the fix for a number of Security Vulnerabilities including the one in RSA key exchange and the latest version is PuTTY 0.71.

PuTTY is an SSH and telnet client for the Windows platform. PuTTY is an open source Project that is available with source code and is developed and supported by a group of volunteers.

PuTTY is one of the most widely used SSH clients to Cloud server, Networking devices, and Virtual private servers. It remains as a standard tool to connect with remote devices for a number of years.

The latest release of PuTTY 0.71 includes fixes for a number of security vulnerabilities.

DSA signature check bypass 

The bug affects development snapshot versions dated 2019, before 2019-02-11 of PuTTY and the release versions not impacted with the bug. The vulnerability allows an attacker to steal SSH sessions through man-in-the-middle attacks.

Integer overflow 

All the version’s up to 0.70 PuTTY’ RSA key exchange failed to enforce the RSA keys specified in RFC 4432 sent by the server, starting from PuTTY 0.71, now enforces the minimum key lengths specified in RFC 4432.

Potential Malicious code execution 

With Version 0.70 and below, if you launch help then it looks for the putty.chm file, if somebody inserted malicious codes with the file then it executed, this is because HTML Help files (.chm) can arrange in turn to run code of their choice.

With Version 0.71 the CHM is protected against malicious modification by the Authenticode signature.

Buffer Overflow in Unix PuTTY 

Up to and including version 0.70, the Unix PuTTY tools used select(2) to watch their collections of active Unix file descriptors for activity. As of 0.71, all the Unix PuTTY tools have switched to monitoring file descriptors using poll(2), which does not have this API bug.

Authentication Prompts 

Up to and including version 0.70, the PuTTY tools had no way to indicate whether a piece of terminal output was a genuine user-authentication prompt, starting from version 0.71, the data that was legitimately emitted by the local PuTTY during SSH connection setup is marked with what our code describes as a ‘trust sigil’.

Cryptographic Random Numbers 

Up to version 0.70 cryptographic random number generator could occasionally use the same batch of random bytes twice, with that entire random number generator has been completely replaced with a freshly written one based on Schneier and Ferguson’s algorithm.

DoS if Many Unicode 

Up to version 0.70, PuTTY’s terminal emulator supports remembering an unlimited number of combining characters in each character cell of the terminal. With 0.71, this is fixed by limiting each character cell to at most 32 combining characters.

DoS by Terminal output 

With version 0.70 and below the GTK front end to PuTTY’s terminal emulator would fail an assertion in a corner case, starting from 0.71, this assertion failure is fixed. PuTTY will cleanly handle this case.

DoS by Terminal output CJK 

Up to version 0.70, PuTTY’s terminal emulator would fail an assertion if the terminal is exactly one column wide and the terminal output stream tries to print a width-2 character. With 0.71, this assertion failure is fixed.

Users are recommended to PuTTY 0.71 that covers all the bugs, Latest version of PuTTY can be downloaded from here.