From d717f86238e1365808cc0fd0de4a5b62b049c028 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Fri, 3 Jul 2020 15:07:34 -0400
Subject: [PATCH] Added check for use-after-free vulnerability in PuTTY v0.73.
---
 README.md | 1 +
 ssh-audit.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 12b8d03..c53fb5b 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,7 @@ $ brew install ssh-audit
 - 1024-bit moduli upgraded from warnings to failures.
 - Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00)).
 - Suppress recommendation of token host key types.
+ - Added check for use-after-free vulnerability in PuTTY v0.73.
 - Added 2 new host key types: `ssh-rsa1`, `ssh-dss-sha256@ssh.com`.
 - Added 1 new key exchange: `diffie-hellman-group1-sha256`.
 - Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128@ssh.com`, `seed-cbc@ssh.com`.
diff --git a/ssh-audit.py b/ssh-audit.py
index c51241f..d0a7fa5 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -2191,6 +2191,7 @@ class SSH: # pylint: disable=too-few-public-methods
 ['1.2.3', '2.1.1', 1, 'CVE-2001-0361', 4.0, 'recover plaintext from ciphertext'],
 ['1.2', '2.1', 1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
 'PuTTY': [
+ ['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read'],
 ['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
 ['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],
 ['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'],
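Review bot: The added PuTTY row in ssh-audit.py ships the placeholder identifier `'CVE-2020-XXXX'`, so anyone reading the audit output cannot match the finding to an advisory, a scanner result or a ticket. Its description, `'out of bounds memory read'`, also names a different bug class from the "use-after-free" in the commit subject and the README entry; the two should agree so the finding traces to the right vendor advisory. The `5.0` score appears to be an estimate, since no assigned CVE is shown to take it from. I would add a comment above the row such as `# TODO: placeholder ID and estimated score; replace once a CVE is assigned (advisory: <ADVISORY_URL>)`. The enclosing table starts and ends outside this hunk, so how the `'0.73'` upper bound is compared is not visible here.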