by Robinson Roca, Practice Leader – Network Infrastructure
Recently the “Bug Bounty Project”, an endeavor run by the European Union, uncovered several very risky vulnerabilities in a well-known and popular application called PuTTY. PuTTY is a software terminal emulator for Windows and Linux. It provides a text user interface to remote computers running any of its supported protocols, including SSH and Telnet. PuTTY can also be used to create secured tunnels over networks. The tool is most often used for management connectivity to network equipment such as Citrix NetScaler, switches, firewalls, routers, and Linux servers, and even to access PowerShell in Microsoft Windows environments.
These recently discovered vulnerabilities introduce the following risks:
- Remotely executable memory over-write
- A possible recycling of random numbers used in cryptography
- Hijacking through malicious files on Windows
- Remotely executable buffer overflow on Unix
- Possibility of generating denial of service conditions
These risks create the possibility of a man-in-the-middle attack. A man-in-the-middle (MITM) attack is when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. Patched executables have been released and are available for download.
Helient makes our services available to you to mitigate these vulnerabilities. Simply open a ticket and let us know that you would like to upgrade your installation of PuTTY, and we will ensure all installed versions of PuTTY in your environment have been upgraded.
For your reference, the Common Vulnerabilities and Exposures (CVE) designations are below:
- CVE-2019-3855
- CVE-2019-3863
- CVE-2019-3856
- CVE-2019-3861
- CVE-2019-3857
- CVE-2019-3862
- CVE-2019-3858
- CVE-2019-3860
- CVE-2019-3859
If you have any questions or need assistance with PuTTY, please contact us at service@helient.com.