Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   PuTTY Vendors:   Tatham, Simon
PuTTY Integer Overflow in ssh_agent_channel_data Lets Local Users Gain Elevated Privileges or Deny Service
SecurityTracker Alert ID:  1038067
SecurityTracker URL:
CVE Reference:   CVE-2017-6542   (Links to External Site)
Date:  Mar 21 2017
Impact:   Denial of service via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in PuTTY. A local user may be able to obtain elevated privileges on the target system. A local user can cause denial of service conditions.

A local user that can connect to the Unix-domain socket representing the forwarded agent connection can send specially crafted data to trigger a signed integer overflow in execute arbitrary code on the target client or cause PuTTY to crash.

Systems with SSH agent forwarding enabled are affected.

A demonstration exploit command is provided:

(echo -ne '\xFF\xFF\xFF\xFD\x0B'; cat /dev/zero) | socat stdio unix-connect:$SSH_AUTH_SOCK

Tim Kosse reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system or cause PuTTY to crash.
Solution:   The vendor has issued a fix (0.68).

A source code fix is available at:;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC