Allele Security Intelligence

ASA-2019-00552 – PuTTY: Use-after-free on SSH1_MSG_DISCONNECT

Posted on October 3, 2019October 7, 2019 by Allele Security Intelligence in Alerts

An SSH-1 server could trigger an access to freed memory by sending the SSH1_MSG_DISCONNECT message.

ASA-2019-00551 – PuTTY: Malicious clipboard content injection in bracketed paste mode

Posted on October 3, 2019October 6, 2019 by Allele Security Intelligence in Alerts

In the PuTTY terminal, bracketed paste mode was broken in 0.72, in a way that made the pasted data look like manual keyboard input. So any application relying on the bracketing sequences to protect against malicious clipboard contents would have been misled.

ASA-2019-00550 – PuTTY: Hijacking sockets used for local port forwarding

Posted on October 3, 2019October 6, 2019 by Allele Security Intelligence in Alerts

On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections.