CVE-2004-1008

Published: Dec 1, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414

x_refsource_CONFIRM

13012

third-party-advisory

x_refsource_SECUNIA

20041027 PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability

third-party-advisory

x_refsource_IDEFENSE

http://www.chiark.greenend.org.uk/~sgtatham/putty/

x_refsource_CONFIRM

putty-ssh2msgdebug-bo(17886)

vdb-entry

x_refsource_XF

12987

third-party-advisory

x_refsource_SECUNIA

11549

vdb-entry

x_refsource_BID

20041027 PuTTY SSH client vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002416

x_refsource_CONFIRM

17214

third-party-advisory

x_refsource_SECUNIA

GLSA-200410-29

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2004-1008

Description

Affected Products

References