Vulnerability CVE-2013-4852

Vulnerability Name:

CVE-2013-4852 (CCN-86179)

Assigned:

2013-07-08

Published:

2013-07-08

Updated:

2021-08-06

Summary:

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779

Source: CCN
Type: tortoisegit GIT Repository
Release 1.8.5.0

Source: MITRE
Type: CNA
CVE-2013-4852

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1347

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1355

Source: CCN
Type: SA54354
PuTTY SSH Handshake Integer Overflow Vulnerabilities

Source: CCN
Type: SA54355
WinSCP SSH Handshake Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
54379

Source: CCN
Type: SA54415
FileZilla Client PuTTY Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
54517

Source: SECUNIA
Type: UNKNOWN
54533

Source: CCN
Type: SA54599
TortoiseGit PuTTY PLink Multiple Integer Overflow Vulnerabilities

Source: CCN
Type: PuTTY SVN Repository
Revision 9896

Source: MISC
Type: UNKNOWN
http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896

Source: CCN
Type: WinSCP Web site
WinSCP

Source: MISC
Type: UNKNOWN
http://winscp.net/tracker/show_bug.cgi?id=1017

Source: CONFIRM
Type: Vendor Advisory
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html

Source: DEBIAN
Type: UNKNOWN
DSA-2736

Source: DEBIAN
Type: DSA-2736
putty -- several vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.search-lab.hu/advisories/secadv-20130722

Source: CCN
Type: BID-61599
PuTTY 'getstring()' Function Multiple Integer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
putty-handshake-overflow(86179)

Source: CCN
Type: FileZilla Web Site
FileZilla Client 3.7.3 released

Vulnerable Configuration:

Configuration 1:

cpe:/a:winscp:winscp:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.7:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.6:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:3.7.6:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.6:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.5:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.4:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.2:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.9:rc:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.7:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:3.8_beta:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.2.7:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:*:*:*:*:*:*:*:* (Version <= 5.1.5)

OR cpe:/a:winscp:winscp:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.9:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.2.9:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.2.6:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.2:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.2.8:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:3.8.2:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.4.0:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.4:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.1:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.3.5:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.1:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.3:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0.8:rc:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.0:beta:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:4.0.5:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:putty:putty:0.51:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.50:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.49:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.48:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.58:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.57:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.56:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.55:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.61:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.59:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.54:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.53:*:*:*:*:*:*:*

OR cpe:/a:simon_tatham:putty:*:*:*:*:*:*:*:* (Version <= 0.62)

OR cpe:/a:putty:putty:0.53b:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.52:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.45:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.46:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.47:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:0.60:*:*:*:*:*:*:*

OR cpe:/a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*

Configuration CCN 1:

cpe:/a:putty:putty:0.62:*:*:*:*:*:*:*

OR cpe:/a:winscp:winscp:5.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134852	V	CVE-2013-4852	2022-06-30
oval:org.opensuse.security:def:113184	P	putty-0.67-1.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112227	P	filezilla-3.23.0.2-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105757	P	filezilla-3.23.0.2-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:106605	P	putty-0.67-1.5 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:18299	P	DSA-2736-1 putty - several	2014-06-23
oval:com.ubuntu.artful:def:20134852000	V	CVE-2013-4852 on Ubuntu 17.10 (artful) - medium.	2013-08-19
oval:com.ubuntu.trusty:def:20134852000	V	CVE-2013-4852 on Ubuntu 14.04 LTS (trusty) - medium.	2013-08-19
oval:com.ubuntu.cosmic:def:201348520000000	V	CVE-2013-4852 on Ubuntu 18.10 (cosmic) - medium.	2013-08-19
oval:com.ubuntu.bionic:def:20134852000	V	CVE-2013-4852 on Ubuntu 18.04 LTS (bionic) - medium.	2013-08-19
oval:com.ubuntu.xenial:def:20134852000	V	CVE-2013-4852 on Ubuntu 16.04 LTS (xenial) - medium.	2013-08-19
oval:com.ubuntu.bionic:def:201348520000000	V	CVE-2013-4852 on Ubuntu 18.04 LTS (bionic) - medium.	2013-08-19
oval:com.ubuntu.cosmic:def:20134852000	V	CVE-2013-4852 on Ubuntu 18.10 (cosmic) - medium.	2013-08-19
oval:com.ubuntu.xenial:def:201348520000000	V	CVE-2013-4852 on Ubuntu 16.04 LTS (xenial) - medium.	2013-08-19
oval:com.ubuntu.precise:def:20134852000	V	CVE-2013-4852 on Ubuntu 12.04 LTS (precise) - medium.	2013-08-19

BACK