aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorjosef <josef@FreeBSD.org>2004-11-04 08:05:23 +0800
committerjosef <josef@FreeBSD.org>2004-11-04 08:05:23 +0800
commitc2e0374ab3624ab25a72ec2a7d54694767cb64b8 (patch)
treea885ec7938d80bfacaf0792190682a0ddfb4bf11 /security
parentf780b066071d3a46c47577b04da9274468caae68 (diff)
downloadfreebsd-ports-gnome-c2e0374ab3624ab25a72ec2a7d54694767cb64b8.tar.gz
freebsd-ports-gnome-c2e0374ab3624ab25a72ec2a7d54694767cb64b8.tar.zst
freebsd-ports-gnome-c2e0374ab3624ab25a72ec2a7d54694767cb64b8.zip
Document vulnerability in putty
Reviewed by: simon
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml28
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 97282b50bb98..0c01b3a3e75c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="19518d22-2d05-11d9-8943-0050fc56d258">
+ <topic>putty -- buffer overflow vulnerability in ssh2 support</topic>
+ <affects>
+ <package>
+ <name>putty</name>
+ <range><lt>0.56</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>There is a bug in SSH2 support that allows a server to execute
+ malicious code on a connecting PuTTY client.
+ This attack can be performed before host key verification happens,
+ so a different machine -- man in the middle attack -- could fake
+ the machine you are connecting to.</p>
+ </body>
+ </description>
+ <references>
+ <mlist msgid="1CE07882ECEE894CA2D5A89B8DEBC4010A2DD2@porgy.admin.idefense.com>">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=109890310929207</mlist>
+ <url>http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml</url>
+ <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ssh2-debug.html</url>
+ </references>
+ <dates>
+ <discovery>2004-10-26</discovery>
+ <entry>2004-11-02</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e0070221-2dd8-11d9-a9e7-0001020eed82">
<topic>wzdftpd -- remote DoS</topic>
<affects>
generated by cgit (git 2.34.1) at 2024-11-24 18:47:35 +0800