Main Vulnerability Database SB2019031826

SB2019031826 - Fedora 30 update for putty

Published: March 18, 2019 Updated: April 24, 2025

Security Bulletin ID SB2019031826

Severity

High

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Key management errors (CVE-ID: CVE-2019-9894)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

2) Buffer overflow (CVE-ID: CVE-2019-9895)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2019-9898)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

4) Input validation error (CVE-ID: CVE-2019-9897)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

Install update from vendor's website.