Gentoo Security Advisory GLSA 200502-28 (Putty) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200502-28.

Solution

All PuTTY users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/putty-0.57' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200502-28 http://bugs.gentoo.org/show_bug.cgi?id=82753 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html http://www.idefense.com/application/poi/display?id=201&type=vulnerabilities

Insight

PuTTY was found to contain vulnerabilities that can allow a malicious SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP clients.

Severity

Classification

CVE CVE-2005-0467

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-18 (gzip)
Gentoo Security Advisory GLSA 200408-12 (gaim)
Gentoo Security Advisory GLSA 200403-01 (libxml)
Gentoo Security Advisory GLSA 200405-13 (neon)
Gentoo Security Advisory GLSA 200405-08 (pound)

Take action and discover your vulnerabilities