ASA-202107-37: putty: content spoofing

Arch Linux 754 Published by

A putty security update has been released for Arch Linux.



ASA-202107-37: putty: content spoofing


Arch Linux Security Advisory ASA-202107-37
=========================================
Severity: Low
Date : 2021-07-20
CVE-ID : CVE-2021-36367
Package : putty
Type : content spoofing
Remote : Yes
Link :   https://security.archlinux.org/AVG-2143

Summary
======
The package putty before version 0.76-1 is vulnerable to content
spoofing.

Resolution
=========
Upgrade to 0.76-1.

# pacman -Syu "putty>=0.76-1"

The problem has been fixed upstream in version 0.76.

Workaround
=========
None.

Description
==========
PuTTY before version 0.76 proceeds with establishing an SSH session
even if it has never sent a substantive authentication response. This
makes it easier for an attacker-controlled SSH server to present a
later spoofed authentication prompt (that the attacker can use to
capture credential data, and use that data for purposes that are
undesired by the client user).

Impact
=====
A remote SSH server could present a spoofed authentication prompt.

References
=========
  https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;hc5659aa62848f0aeb5de7bd3839fecc7debefa
  https://security.archlinux.org/CVE-2021-36367



RHSA-2021:2730-01: Important: kernel security and bug fix update

GLSA 202107-48 : systemd: Multiple vulnerabilities

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...