Bug 1690382 (CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898) - CVE-2019-9894 CVE-2019-9895 CVE-2019-9898 CVE-2019-9897 putty: multiple vulnerabilities
Summary: CVE-2019-9894 CVE-2019-9895 CVE-2019-9898 CVE-2019-9897 putty: multiple vulne...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190316,repor...
Depends On: 1690385 1690386
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-19 11:30 UTC by Dhananjay Arunesh
Modified: 2019-06-10 10:51 UTC (History)
5 users (show)

Fixed In Version: putty 0.71
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:51:08 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-03-19 11:30:04 UTC
The following security issue has been discovered in putty < 0.71:
  * a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  * potential recycling of random numbers used in cryptography
  * on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  * multiple denial-of-service attacks that can be triggered by writing to the terminal 
  * Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels

Reference:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

Upstream commit:
https://build.opensuse.org/request/show/685782

Comment 1 Dhananjay Arunesh 2019-03-19 11:32:34 UTC
External References:

https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.71.html

Comment 2 Dhananjay Arunesh 2019-03-19 11:39:09 UTC
Created putty tracking bugs for this issue:

Affects: fedora-all [bug 1690385]

Comment 3 Dhananjay Arunesh 2019-03-19 11:39:28 UTC
Created putty tracking bugs for this issue:

Affects: epel-all [bug 1690386]

Comment 4 Dhananjay Arunesh 2019-03-22 09:59:23 UTC
Updated flaw with CVEs:

CVE-2019-9894: 
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

CVE-2019-9895:
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

CVE-2019-9898:
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

CVE-2019-9897:
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

Comment 5 Product Security DevOps Team 2019-06-10 10:51:08 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.