Vulnerability Details CVE-2017-6542
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.258
EPSS Ranking 96.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
- http://www.securityfocus.com/bid/97156
- http://www.securitytracker.com/id/1038067
- https://git.tartarus.org/?p=simon/putty.git%3Ba=commitdiff%3Bh=4ff22863d895cb7ebfced4cf923a012a614adaa8
- https://security.gentoo.org/glsa/201703-03
- https://security.gentoo.org/glsa/201706-09
- https://www.exploit-db.com/exploits/42137/
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
- http://www.securityfocus.com/bid/97156
- http://www.securitytracker.com/id/1038067
- https://git.tartarus.org/?p=simon/putty.git%3Ba=commitdiff%3Bh=4ff22863d895cb7ebfced4cf923a012a614adaa8
- https://security.gentoo.org/glsa/201703-03
- https://security.gentoo.org/glsa/201706-09
- https://www.exploit-db.com/exploits/42137/
Products affected by CVE-2017-6542
-
cpe:2.3:a:putty:putty:-
-
cpe:2.3:a:putty:putty:0.45
-
cpe:2.3:a:putty:putty:0.46
-
cpe:2.3:a:putty:putty:0.47
-
cpe:2.3:a:putty:putty:0.48
-
cpe:2.3:a:putty:putty:0.49
-
cpe:2.3:a:putty:putty:0.50
-
cpe:2.3:a:putty:putty:0.51
-
cpe:2.3:a:putty:putty:0.52
-
cpe:2.3:a:putty:putty:0.53
-
cpe:2.3:a:putty:putty:0.53b
-
cpe:2.3:a:putty:putty:0.54
-
cpe:2.3:a:putty:putty:0.55
-
cpe:2.3:a:putty:putty:0.56
-
cpe:2.3:a:putty:putty:0.57
-
cpe:2.3:a:putty:putty:0.58
-
cpe:2.3:a:putty:putty:0.59
-
cpe:2.3:a:putty:putty:0.60
-
cpe:2.3:a:putty:putty:0.61
-
cpe:2.3:a:putty:putty:0.62
-
cpe:2.3:a:putty:putty:0.63
-
cpe:2.3:a:putty:putty:0.65
-
cpe:2.3:a:putty:putty:0.66
-
cpe:2.3:a:putty:putty:0.67
-
cpe:2.3:o:opensuse:leap:42.2
-
cpe:2.3:o:opensuse_project:leap:42.1