[Tfug] PuTTY security fix released
Angus Scott-Fleming
angussf at geoapps.com
Thu Oct 28 08:28:46 MST 2004
For those of you with Windows users, or still using Windows boxes to manage your *nix boxes,
------- Included Stuff Follows -------
PuTTY: a free telnet/ssh client
2004-10-26 ANOTHER SECURITY HOLE, fixed in PuTTY 0.56
PuTTY 0.56, released today, fixes a serious security
hole which can allow a server to execute code of its
choice on a PuTTY client connecting to it. In SSH2, the
attack can be performed before host key verification,
meaning that even if you trust the server you think you
are connecting to, a different machine could be
impersonating it and could launch the attack before you
could tell the difference. We recommend everybody
upgrade to 0.56 as soon as possible.
That's two really bad holes in three months. I'd like to
apologise to all our users for the inconvenience.
--------- Included Stuff Ends ---------
http://www.chiark.greenend.org.uk/~sgtatham/putty/
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038 / fax 1-208-248-3124
+-----------------------------------+
More information about the tfug
mailing list