First published: Mon Mar 27 2017(Updated: )
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PuTTY | <=0.67 | |
SUSE Linux | =42.2 | |
openSUSE Leap | =42.1 |
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-6542 is considered a high-severity vulnerability due to its potential for remote code execution.
To mitigate CVE-2017-6542, upgrade to PuTTY version 0.68 or later.
CVE-2017-6542 affects PuTTY versions prior to 0.68 and specific versions of openSUSE Leap.
Yes, CVE-2017-6542 can be exploited remotely if an attacker can connect to the Unix-domain socket of the forwarded agent.
CVE-2017-6542 enables a buffer overflow attack that can lead to various unspecified impacts on the affected systems.