[nycphp-talk] OT: Filezilla & Putty Security Updates
Jeff Siegel
jsiegel1 at optonline.net
Fri Aug 27 07:26:17 EDT 2004
Security holes found in PuTTY and FileZilla. Brief description and
relevant URLs are below.
Jeff S.
==========================================================================
"2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55
PuTTY 0.55, released today, fixes a serious security hole which may
allow a server to execute code of its choice on a PuTTY client
connecting to it. In SSH2, the attack can be performed before host key
verification, meaning that even if you trust the server you think you
are connecting to, a different machine could be impersonating it and
could launch the attack before you could tell the difference. We
recommend everybody upgrade to 0.55 as soon as possible."
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
--------
"Recently, a security vulnerability in PuTTY was found (read
http://www.chiark.greenend.org.uk/~sgtatham/putty/ for details) which
allows attackers to execute malicious code on anyone using PuTTY.
Since the SFTP support in FileZilla is based on PuTTY, FileZilla was
vulnerable as well if connecting to SFTP servers. Version 2.2.8 of
FileZilla fixes the security holes."
http://sourceforge.net/projects/filezilla