More security issues in putty (CVE-2013-4206, CVE-2013-4207, CVE-2013-4208)
|Reported by:||oden||Owned by:|
|Component version:||Operating system type:||Linux|
|Operating system version:|
"On 08/06/2013 01:56 PM, Vincent Danen wrote:
There seem to be some CVEs needed for putty 0.63 due to some other
fixes that were fixed alongside CVE-2013-4852:
- a heap-corrupting buffer underrun bug in the modmul function
which performs modular multiplication:
Please use CVE-2013-4206 for this issue.
- A buffer overflow vulnerability in the calculation of modular
inverses when verifying a DSA signature:
use CVE-2013-4207 for this issue.
- Private keys left in memory after being used by PuTTY tools:
use CVE-2013-4208 for this issue."