CVE-2006-7162
First published: Wed Mar 07 2007(Updated: )
PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PuTTY | <=0.59 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-7162?
CVE-2006-7162 has a medium severity rating due to the potential exposure of sensitive information.
How do I fix CVE-2006-7162?
To fix CVE-2006-7162, update to a newer version of PuTTY that ensures proper file permissions for private key files and session logs.
What versions of PuTTY are affected by CVE-2006-7162?
PuTTY versions 0.59 and earlier are affected by CVE-2006-7162.
What type of files are involved in CVE-2006-7162?
CVE-2006-7162 involves .ppk files containing private keys and session log files created by PuTTY.
Who is affected by CVE-2006-7162?
Local users on systems with vulnerable versions of PuTTY can be affected by CVE-2006-7162 as they may gain unauthorized access to sensitive information.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/putty
- canonical/putty
- version/putty/0.59