Heap-based Buffer Overflows in PuTTY Affecting Remote Authentication
CVE-2004-1440

Currently unrated

Key Information:

Vendor: Putty

Status
Vendor
CVE Published: 31 December 2004

What is CVE-2004-1440?

Multiple heap-based buffer overflows were found in the modpow function of PuTTY prior to version 0.55. A remote attacker can trigger them with an SSH2 packet whose base argument is larger than the mod argument, potentially leading to arbitrary code execution. Additionally, a malicious server can cause a denial of service by sending a large bignum during authentication, which may crash the client and allow further exploitation.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
