From a16eb2d6cb79692bf56604aa3966eeb055b1ed69 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Mon, 18 Nov 2019 22:08:17 -0500
Subject: [PATCH] Added three new PuTTY vulns.

---
 ssh-audit.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssh-audit.py b/ssh-audit.py
index c1b2835..650a977 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -1952,6 +1952,9 @@ class SSH(object):  # pylint: disable=too-few-public-methods
 				['1.2.3',   '2.1.1',   1, 'CVE-2001-0361',  4.0, 'recover plaintext from ciphertext'],
 				['1.2',     '2.1',     1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
 			'PuTTY': [
+				['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
+				['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],
+				['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'],
 				['0.0', '0.71', 2, 'CVE-2019-XXXX', 5.0, 'undefined vulnerability in obsolete SSHv1 protocol handling'],
 				['0.0', '0.71', 6, 'CVE-2019-XXXX', 5.0, 'local privilege escalation in Pageant'],
 				['0.0', '0.70', 2, 'CVE-2019-9898', 7.5, 'potential recycling of random numbers'],