Описание
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| putty | fixed | 0.62-1 | package | |
| putty | fixed | 0.60+2010-02-20-1+squeeze2 | squeeze | package |
Примечания
DSA-2736-1
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
Hardening measure, not a vulnerability
Связанные уязвимости
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.