ASA-2019-00550 – PuTTY: Hijacking sockets used for local port forwarding


Allele Security Alert

ASA-2019-00550

Identifier(s)

ASA-2019-00550, CVE-2019-17067

Title

Hijacking sockets used for local port forwarding

Vendor(s)

PuTTY team

Product(s)

PuTTY

Affected version(s)

PuTTY versions before 0.73

Fixed version(s)

PuTTY version 0.73

Proof of concept

Unknown

Description

On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections.

Technical details

Unlike sensible IP stacks, Windows requires a non-default socket option to prevent a second application from binding to a port you are already listening on; without that option, some of your incoming connections can be diverted to the second application. The fix is to set SO_EXCLUSIVEADDRUSE on listening sockets.
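
The hardening described above, with a regression check for it, as an added Python example (not PuTTY's code, which is C). The function names open_exclusive_listener and second_bind_refused are hypothetical; on platforms that do not define SO_EXCLUSIVEADDRUSE the listener relies on the stack's default refusal of a second bind.

```python
import socket


def open_exclusive_listener(host="127.0.0.1", port=0):
    """Open a TCP listener whose port no other socket can share."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # SO_EXCLUSIVEADDRUSE exists only on Windows and must be set before
        # bind(). Other stacks refuse a second bind by default.
        excl = getattr(socket, "SO_EXCLUSIVEADDRUSE", None)
        if excl is not None:
            srv.setsockopt(socket.SOL_SOCKET, excl, 1)
        # Deliberately no SO_REUSEADDR on the listener itself.
        srv.bind((host, port))
        srv.listen(5)
    except OSError:
        srv.close()
        raise
    return srv


def second_bind_refused(host, port):
    """Regression check: True if another socket cannot bind host:port."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Ask for address reuse so the check covers the case the exclusive
        # option exists to block, not only a plain bind.
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        probe.bind((host, port))
        return False
    except OSError:
        return True
    finally:
        probe.close()


if __name__ == "__main__":
    listener = open_exclusive_listener()   # port 0: the OS picks a free port
    host, port = listener.getsockname()
    print(f"listening on {host}:{port}")
    print("second bind refused:", second_bind_refused(host, port))
    listener.close()
```

Run the check against a forwarding port on the Windows host itself: a result of False means the listener was opened without the exclusive option.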

Credits

Patrick Stekovic

Reference(s)

PuTTY 0.73 is released
https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html

Download PuTTY: release 0.73
https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.73.html

winnet: use SO_EXCLUSIVEADDRUSE for listening sockets.
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=15653f67e8559787d021dda415d93696e98d1804

CVE-2019-17067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17067

CVE-2019-17067
https://nvd.nist.gov/vuln/detail/CVE-2019-17067


Last modified: October 6, 2019
