Bug 766865 (CVE-2011-4607)

Summary: CVE-2011-4607 putty: keyboard-interactive replies are not wiped from memory after authentication
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: fedora, jima, tremble
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: putty 0.62 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:58:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 766867, 766868, 766869    
Bug Blocks:    

Description Vincent Danen 2011-12-12 17:43:33 UTC 
From the upstream advisory [1]:

When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed during SSH login; other examples include obsolete session keys, public-key passphrases, and the private halves of public keys.

PuTTY 0.59 to 0.61 inclusive had a bug in which they failed to wipe from memory the replies typed by the user during keyboard-interactive authentication. Since most modern SSH-2 servers use the keyboard-interactive method for password logins (rather than SSH-2's dedicated password method), this meant that those versions of PuTTY would store your login password in memory for as long as they were running.

PuTTY 0.62 fixes this bug. Keyboard-interactive responses, including passwords, are now correctly wiped from PuTTY's memory again.

However, it is still unavoidably very dangerous if malicious software is in a position to read the memory of your PuTTY processes: there is still a lot of sensitive data in there which cannot be wiped because it's still being used, e.g. session keys. If you're using public-key authentication and malware can read a Pageant process, that's even worse, because the decrypted private keys are stored in Pageant! This fix somewhat mitigates the risks, but no fix can eliminate them completely.

This affects putty releases 0.59 through and including 0.61, and is fixed in 0.62 via svn commit r9357 [3].

[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
[2] http://svn.tartarus.org/sgt?view=rev&revision=9357
Comment 1 Vincent Danen 2011-12-12 17:48:53 UTC 
Created putty tracking bugs for this issue

Affects: fedora-all [bug 766867]
Affects: epel-5 [bug 766868]
Affects: epel-6 [bug 766869]
Comment 2 Tomas Hoger 2011-12-12 19:42:07 UTC 
Is this something that should get a CVE?  While removing sensitive information from memory when no longer needed is required by e.g. certain crypto processing standards, I can't think of an example when similar problem was handled as vulnerability that got CVE.
Comment 3 Vincent Danen 2011-12-12 21:44:12 UTC 
Not sure this is the best place to discuss this, perhaps oss-sec?

It's been assigned a CVE-2011-4607:

http://seclists.org/oss-sec/2011/q4/500

I think, however, that if it's possible to get keys/passphrases/etc. from memory due to a flaw in a program that didn't used to be there (remember, this was introduced in 0.59), then I think it deserves a CVE name.  Obviously some protection was there before that was not there for a while, and is now back again.
Comment 4 Product Security DevOps Team 2019-06-10 10:58:14 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.