Allele Security Alert
ASA-2019-00550
Identifier(s)
ASA-2019-00550, CVE-2019-17067
Title
Hijacking sockets used for local port forwarding
Vendor(s)
PuTTY team
Product(s)
PuTTY
Affected version(s)
PuTTY versions before 0.73
Fixed version(s)
PuTTY version 0.73
Proof of concept
Unknown
Description
On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections.
Technical details
Unlike sensible IP stacks, Windows requires a non-default socket option to prevent a second application from binding to a port you are already listening on, which causes some of your incoming connections to be diverted. The fix sets SO_EXCLUSIVEADDRUSE on listening sockets.
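The hardening described above, as an added example that is not PuTTY's own code: a loopback listener that sets SO_EXCLUSIVEADDRUSE before bind(), plus a self-check that a second bind to the same port is refused. The function names are hypothetical, Winsock is assumed to be initialised by the caller, and the POSIX shims exist only so the same check also builds off Windows.

```c
/* Added example; function names are illustrative, not PuTTY's own. */
#ifdef _WIN32
#include <winsock2.h> /* assumes the caller already ran WSAStartup() */
#else /* POSIX shims so the same self-check builds off Windows */
#include <arpa/inet.h>
#include <sys/socket.h>
#include <unistd.h>
typedef int SOCKET;
#define INVALID_SOCKET (-1)
#define closesocket close
#define SO_EXCLUSIVEADDRUSE 0 /* no such option here; 0 = set nothing */
#endif

/* Bind a TCP socket to 127.0.0.1:port after setting option opt (0 = none). */
static SOCKET bind_loopback(unsigned short port, int opt)
{
    struct sockaddr_in a = {0};
    int on = 1;
    SOCKET s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET) return INVALID_SOCKET;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    if ((opt && setsockopt(s, SOL_SOCKET, opt, (const char *)&on, sizeof on))
        || bind(s, (struct sockaddr *)&a, sizeof a)) {
        closesocket(s);
        return INVALID_SOCKET;
    }
    return s;
}

/* Listener for a forwarded port, opened so no second socket can share it. */
SOCKET open_forward_listener(unsigned short port)
{
    SOCKET s = bind_loopback(port, SO_EXCLUSIVEADDRUSE);
    if (s != INVALID_SOCKET && listen(s, 8) != 0) {
        closesocket(s);
        s = INVALID_SOCKET;
    }
    return s;
}

/* Self-check: 1 if a second socket requesting address reuse is refused. */
int second_bind_refused(unsigned short port)
{
    SOCKET s = bind_loopback(port, SO_REUSEADDR);
    if (s != INVALID_SOCKET) closesocket(s);
    return s == INVALID_SOCKET;
}
```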
Credits
Patrick Stekovic
Reference(s)
PuTTY 0.73 is released
https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
Download PuTTY: release 0.73
https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html
winnet: use SO_EXCLUSIVEADDRUSE for listening sockets.
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=15653f67e8559787d021dda415d93696e98d1804
CVE-2019-17067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17067
CVE-2019-17067
https://nvd.nist.gov/vuln/detail/CVE-2019-17067
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 6, 2019