PuTTY Puttygen Insecure Private Key File Permissions Vulnerability
BID:22809
Info
| Bugtraq ID: | 22809 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 29 2006 12:00AM |
| Updated: | Mar 05 2007 08:25PM |
| Credit: | Daniel Kahn Gillmor discovered this vulnerability. |
| Vulnerable: | Debian PuTTY 0.58.5 |
| Not Vulnerable: | Debian PuTTY 0.59.1 |
Discussion
PuTTY is prone to an insecure-file-permissions vulnerability because of a design flaw in the affected application.
An attacker could exploit this issue to access SSH private key files.
Version 0.58-5 on Debian Linux is affected.
NOTE: Although this vulnerability is reported to affect Debian systems at this stage, other Linux distributions may also be affected.
Exploit / POC
An attacker can exploit this issue by using standard utilities to access the vulnerable file.
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
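Updating the package does not change the mode of key files that already exist, so a check of existing keys is a useful companion to the update. The following is an added example, not part of the original advisory or of PuTTY's code: it reports (and optionally tightens) PuTTY private key files that grant any group or other access, and shows a key file being created owner-only from the start. It assumes key files are recognised by a leading `PuTTY-User-Key-File-` header and that 0600 is the intended mode; the function names are illustrative.

```python
import os
import stat
import sys

# Assumption: PuTTY private key files start with this header text.
PPK_MAGIC = b"PuTTY-User-Key-File-"
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other access


def is_ppk(path):
    """True if the file begins with the PuTTY private key header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(PPK_MAGIC)) == PPK_MAGIC
    except OSError:
        return False


def audit_keys(root, fix=False):
    """Return [(path, mode)] for key files open to group/other; fix=True sets 0600."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Skip symlinks and special files; only regular files are checked.
            if not stat.S_ISREG(st.st_mode) or not is_ppk(path):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & LOOSE_BITS:
                findings.append((path, mode))
                if fix:
                    os.chmod(path, 0o600)
    return sorted(findings)


def write_key_private(path, data):
    """Create a key file that is owner-only from the first byte written."""
    # O_EXCL refuses to reuse an existing (possibly loose) file; the 0o600
    # mode is applied at creation, so there is no window with wider access.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


if __name__ == "__main__":
    for path, mode in audit_keys(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{oct(mode)} {path}")
```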
References
References:
- Debian Linux (Debian Linux)
- PuTTY bug puttygen-unix-perms (Simon Tatham)