From a16eb2d6cb79692bf56604aa3966eeb055b1ed69 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 18 Nov 2019 22:08:17 -0500 Subject: [PATCH] Added three new PuTTY vulns. --- ssh-audit.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssh-audit.py b/ssh-audit.py index c1b2835..650a977 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -1952,6 +1952,9 @@ class SSH(object): # pylint: disable=too-few-public-methods ['1.2.3', '2.1.1', 1, 'CVE-2001-0361', 4.0, 'recover plaintext from ciphertext'], ['1.2', '2.1', 1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']], 'PuTTY': [ + ['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'], + ['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'], + ['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'], ['0.0', '0.71', 2, 'CVE-2019-XXXX', 5.0, 'undefined vulnerability in obsolete SSHv1 protocol handling'], ['0.0', '0.71', 6, 'CVE-2019-XXXX', 5.0, 'local privilege escalation in Pageant'], ['0.0', '0.70', 2, 'CVE-2019-9898', 7.5, 'potential recycling of random numbers'],