If you use Windows at all, you probably use PuTTY, the Windows SSH client. And as we all know, there is a certain class of bug that we feel compelled to write about here: the type of security flaw that affects software that use protocols with two S’s in the name, or any hole found in the Apache Web Server. We should probably widen that net to cover more imminent security problems, but for now we’ll stay with tradition.
And tradition dictates that you all reinstall PuTTY ASAP. Why? Because there are not one, but four major exploits in PuTTY. They were all patched on Aug. 6, so if you’re still not using PuTTY 0.63, there’s a very good chance you have been or are about to be targeted. Remember: SSH is the lifeblood of hackers, and if they get ahold of your SSH keys or take over your client, your systems are at their mercy.
For your edification, here are the CVEs for the four exploits in PuTTY. As you can see, the handshake bug is particularly dangerous.
Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function, which performs modular multiplication. As the modmul function is called during validation of any DSA signature received by PuTTY, including during the initial key exchange phase, a malicious server could exploit this vulnerability before the client has received and verified a host key signature. An attack to this vulnerability can thus be performed by a man-in-the-middle between the SSH client and server, and the normal host key protections against man-in-the-middle attacks are bypassed.
It was discovered that non-coprime values in DSA signatures can cause a buffer overflow in the calculation code of modular inverses when verifying a DSA signature. Such a signature is invalid. This bug however applies to any DSA signature received by PuTTY, including during the initial key exchange phase, and thus it can be exploited by a malicious server before the client has received and verified a host key signature.
It was discovered that private keys were left in memory after being used by PuTTY tools.
Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication due to improper bounds checking of the length parameter received from the SSH server. A remote attacker could use this vulnerability to mount a local denial of service attack by crashing the putty client.