Vulnerability Name:

CVE-2005-0467 (CCN-19403)

Assigned:2005-02-21
Published:2005-02-21
Updated:2017-07-11
Summary:Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0467

Source: CCN
Type: SA14333
PuTTY Two Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
14333

Source: CCN
Type: SA17214
IBM TotalStorage SAN Volume Controller PuTTY Vulnerability

Source: SECUNIA
Type: UNKNOWN
17214

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002416

Source: CCN
Type: PuTTY Download Web page
PuTTY Download Page

Source: CONFIRM
Type: Vendor Advisory
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html

Source: CCN
Type: PuTTY vulnerability
PuTTY vulnerability vuln-sftp-string

Source: CONFIRM
Type: Vendor Advisory
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html

Source: CCN
Type: GLSA-200502-28
PuTTY: Remote code execution

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200502-28

Source: IDEFENSE
Type: Patch, Vendor Advisory
20050221 Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities

Source: CCN
Type: OSVDB ID: 14002
PuTTY fxp_readdir_recv() Function Remote Overflow

Source: CCN
Type: OSVDB ID: 14003
PuTTY sftp_pkt_getstring() Function Remote Overflow

Source: CCN
Type: BID-12601
PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
putty-sftppktgetstring-bo(19403)

Source: XF
Type: UNKNOWN
putty-sftppktgetstring-bo(19403)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:putty:putty:*:*:*:*:*:*:*:* (Version <= 0.56)

    • * Denotes that component is vulnerable
    BACK
    putty putty *