[3.5] putty: Integer overflow in the ssh_agent_channel_data (CVE-2017-6542)
In PuTTY before 0.68, if SSH agent forwarding is enabled, local
attackers
that are also able to connect to the UNIX domain socket could have
overwritten heap data
Fixed in version:
putty 0.68
References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8
(from redmine: issue id 7074, created on 2017-03-29, closed on 2017-06-29)
- Relations:
- parent #7073 (closed)
- Changesets:
- Revision a8608eaa by Sergei Lukin on 2017-04-03T10:05:37Z:
main/putty: security upgrade to 0.68 - fixes #7074
CVE-2017-6542: Integer overflow in the ssh_agent_channel_data