PuTTY 0.66 fixes security vulnerability (opens in new tab)

(chiark.greenend.org.uk)

115 pointsgeococcyxc10y ago52 comments

52 comments

40 comments · 11 top-level

You don't often see vulnerabilities in Putty, which considering the amount of corporate systems it's used with is quite amazing.

hannob10y ago

It may just mean nobody is looking at it.

ipozgaj10y ago

I still don't understand why PuTTY got so popular (e.g. why not OpenSSH/Cygwin combo)

Sanddancer10y ago

Because putty is smaller, faster, can work with serial ports too, which lets you use it to configure routers, debug arduinos, etc. It looks nicer, is easier to choose fonts, offers logging, offers easier clipboard control, and a lot of other features. In short, it's just a much more useful program.

NelsonMinar10y ago

PuTTY had a great VT100/xterm emulator long before any other free SSH option did. And it's a standalone app, no need for a giant Cygwin install.

1 more reply

ShakataGaNai10y ago

Cygwin is a lot bigger and more time consuming to install. Putty is what? Half a meg and you're done? Much much much lower barrier to entry.

There's also the issue that in a corporate environment, having a much smaller attack surface is greatly preferred. Trying to get something like Cygwin past the security dept in a BIG company - quite challenging.

yoshamano10y ago

Because a lot of us don't need anything else Cygwin has to offer. So using it just to have OpenSSH feels like killing a house fly with a hammer.

PuTTY is also much quicker and easier to set up.

rincebrain10y ago

PuTTY is relatively portable, has just enough of a GUI to not require you use cmd.exe to run it, and is not GPL-ware.

(To be clear, I have nothing against the GPL, but some corporate environments avoid it like the plague.)

MichaelMoser12310y ago

Cygwin/OpenSSH crashes/dies frequently (at least for me on Windows 7 / Cygwin64). Putty doesn't do that.

AdmiralAsshat10y ago

I use PuTTY at my job because we do all of our development on a Linux server but have Windows laptops issued to us.

1 more reply

UnoriginalGuy10y ago· 5 in thread

I appreciate the hard work Simon Tatham continues to do on Putty. Has he said anything about the possibility of either signing the Putty executable or at least using HTTPS? Or is he waiting for Let's Encrypt to come on tap?

He even references the threat on that page: "2015-05-19 Malware pretending to be PuTTY." Which would be a lot easier to detect if the software was signed.

noinsight10y ago

> signing the Putty executable

But there's a GPG signature file which you can use to verify the download! How? I wouldn't know because I've never bothered. And if I remember correctly, the RSA key is also 1024 bits which is another no-no (this has come up before).

ehPReth10y ago

Their current release key is RSA 2048: http://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html

2 more replies

ehPReth10y ago

See http://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html

Also the.earth.li (PuTTY's download host) is available over HTTPS: https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

But I do agree that HTTPS on both by default would be great

UnoriginalGuy10y ago

Those keys aren't cross-signed (i.e. from a CA) and are delivered over HTTP. Totally and completely worthless.

A bad guy could just replace them with their own keys (assuming anyone manually checked these to begin with) and I couldn't detect it.

1 more reply

exadeci10y ago

http://www.9bis.net/kitty/ Is pretty nice and has updates

frozenport10y ago· 5 in thread

How do you execute privileged code from this vulnerability (on the client?)? What is the worst case senario?

consto10y ago

> To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal stream. For a PuTTY SSH session, this must be before encryption, so the attacker likely needs access to the server you're connecting to. For instance, an attacker on a multi-user machine that you connect to could trick you into running cat on a file they control containing a malicious escape sequence. (Unix write(1) is not a vector for this, if implemented correctly.)

From the sounds of it, an attacker needs to either compromise the machine you intend to ssh into, or mitm before you first ever connect. Once keys are cached you should easily notice if you've been mitmed.

jimrandomh10y ago

No, it's much much worse than that. If you cat a log file, and the log file contains untrusted binary data (such as raw logging of an invalid request to a webserver or something), this can potentially exploit the vulnerability.

frozenport10y ago

Yes, they need to compromise the server but they also need to compromise the client. With both compromised they will have the same execution privileges as the original Putty.exe, then they will need to ROPgadget? If they have both compromised by the heck do they need to use putty?

1 more reply

roel_v10y ago

Seems like anyone with root on a server can compromise anyone who logs on to it using putty; e.g. by putting a payload in the motd or /etc/issue. Or setting the command prompt to something nefarious. Or putting something into log files that are cat'ed. Or even a regular account with access to put a log file somewhere, or using /wall. Or maybe a filename that is shown when using ls (like if you uploaded a file to a server and that file was stored with the name you entered as a user; this would require very carefully crafted shell code though).

All quite unlikely attack vectors and hard to pull off remotely, but I've seen exploits that looked harder from the outside.

0x010y ago

Maybe you could trick the user into clicking on a link to "telnet:evilserver.example.com" and host a telnet-protocol-compatible TCP server on port 23 that just sends the payload without requiring any user login?

kilovoltaire10y ago· 3 in thread

  difficulty: fun: Just needs tuits, and not many of them.

What does tuits mean?

alblue10y ago

There's a phrase "get a round tuit" which is a phonetical approxmaton of "get around to it".

https://en.m.wiktionary.org/wiki/round_tuit

McGlockenshire10y ago

I've also seen it used as a variation on "intuition."

sjclemmy10y ago

you just beat me tuit!

newman31410y ago· 2 in thread

Too bad putty still doesn't support ed25519

tetsefly10y ago

Looks like ed25519 was added in May 10th, 2015. [1]

     We claim version: SSH-2.0-PuTTY_Snapshot_2015_11_08.b003e5c
     Server version: SSH-2.0-OpenSSH_6.7p1 Debian-5
     Using SSH protocol version 2
     Doing ECDH key exchange with curve Curve25519 and hash SHA-256
     Host key fingerprint is:
     ssh-ed25519 256 <fingerprint>
     Initialised ChaCha20 client->server encryption
     Initialised Poly1305 client->server MAC algorithm (in ETM mode) (required by cipher)
     Initialised ChaCha20 server->client encryption
     Initialised Poly1305 server->client MAC algorithm (in ETM mode) (required by cipher)

I'm no expert, and this might not be what you are talking about, but to my untrained eye, it does?

Now, to get back on topic, they believe that the attack would already need access to the server.

"To exploit a vulnerability in the terminal emulator, an attacker must be able to insert a carefully crafted escape sequence into the terminal stream. For a PuTTY SSH session, this must be before encryption, so the attacker likely needs access to the server you're connecting to. For instance, an attacker on a multi-user machine that you connect to could trick you into running cat on a file they control containing a malicious escape sequence. (Unix write(1) is not a vector for this, if implemented correctly.)"

[1] http://tartarus.org/~simon-git/gitweb/?p=putty-wishlist.git;...

MrRadar10y ago

Ed25519 and ChaCha20-Poly1305 support are present in Git but not in any released version yet.

1 more reply

Bud10y ago· 1 in thread

You know what I love about PuTTY? It's been around since the Clinton Administration (debuted in 1998), but it's still only at version 0.66.

What will it take to get a version 1.0? Sentience?

vacri10y ago

My favourite was the roguelike ADoM, which went up to 0.99, then alpha through gamma, then up to gamma 16, for a final version of 0.99gamma16 before tripping over to 1.0.

mappu10y ago· 1 in thread

MinTTY in Cygwin is based on the terminal emulation code from PuTTY, is it affected by the same CVE-2015-5309 ?

voltagex_10y ago

I'd also like to know this, but won't have time to check. There's also many many forks of PuTTY that'll need to be updated.

MaulingMonkey10y ago· 1 in thread

My TtyRec player is PuTTY based <_<. Updates.

fabulist10y ago

don't forget to restart, as well.

mlhamel10y ago· 1 in thread

Is there anywhere sources of putty available?

DanBC10y ago

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.h...

newsignup10y ago· 1 in thread

fuzzy lop seems to be quite handy since recently I saw a post here when they found 10s of bugs in ffmpeg.

IshKebab10y ago

I think it was more like 1000...

fluffyllemon10y ago

> This bug was found with the help of American Fuzzy Lop

j / k navigate · click thread line to collapse

52 comments

40 comments · 11 top-level

sofaofthedamned10y ago· 9 in thread

You don't often see vulnerabilities in Putty, which considering the amount of corporate systems it's used with is quite amazing.

hannob10y ago

It may just mean nobody is looking at it.

ipozgaj10y ago

I still don't understand why PuTTY got so popular (e.g. why not OpenSSH/Cygwin combo)

Sanddancer10y ago

NelsonMinar10y ago

PuTTY had a great VT100/xterm emulator long before any other free SSH option did. And it's a standalone app, no need for a giant Cygwin install.

1 more reply

ShakataGaNai10y ago

Cygwin is a lot bigger and more time consuming to install. Putty is what? Half a meg and you're done? Much much much lower barrier to entry.

yoshamano10y ago

Because a lot of us don't need anything else Cygwin has to offer. So using it just to have OpenSSH feels like killing a house fly with a hammer.

PuTTY is also much quicker and easier to set up.

rincebrain10y ago

PuTTY is relatively portable, has just enough of a GUI to not require you use cmd.exe to run it, and is not GPL-ware.

(To be clear, I have nothing against the GPL, but some corporate environments avoid it like the plague.)

MichaelMoser12310y ago

Cygwin/OpenSSH crashes/dies frequently (at least for me on Windows 7 / Cygwin64). Putty doesn't do that.

AdmiralAsshat10y ago

I use PuTTY at my job because we do all of our development on a Linux server but have Windows laptops issued to us.

1 more reply

UnoriginalGuy10y ago· 5 in thread

He even references the threat on that page: "2015-05-19 Malware pretending to be PuTTY." Which would be a lot easier to detect if the software was signed.

noinsight10y ago

> signing the Putty executable

ehPReth10y ago

Their current release key is RSA 2048: http://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html

2 more replies

ehPReth10y ago

See http://www.chiark.greenend.org.uk/~sgtatham/putty/keys.html

Also the.earth.li (PuTTY's download host) is available over HTTPS: https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

But I do agree that HTTPS on both by default would be great

UnoriginalGuy10y ago

Those keys aren't cross-signed (i.e. from a CA) and are delivered over HTTP. Totally and completely worthless.

A bad guy could just replace them with their own keys (assuming anyone manually checked these to begin with) and I couldn't detect it.

1 more reply

exadeci10y ago

http://www.9bis.net/kitty/ Is pretty nice and has updates

frozenport10y ago· 5 in thread

How do you execute privileged code from this vulnerability (on the client?)? What is the worst case senario?

consto10y ago

jimrandomh10y ago

frozenport10y ago

1 more reply

roel_v10y ago

All quite unlikely attack vectors and hard to pull off remotely, but I've seen exploits that looked harder from the outside.

0x010y ago

kilovoltaire10y ago· 3 in thread

  difficulty: fun: Just needs tuits, and not many of them.

What does tuits mean?

alblue10y ago

There's a phrase "get a round tuit" which is a phonetical approxmaton of "get around to it".

https://en.m.wiktionary.org/wiki/round_tuit

McGlockenshire10y ago

I've also seen it used as a variation on "intuition."

sjclemmy10y ago

you just beat me tuit!

newman31410y ago· 2 in thread

Too bad putty still doesn't support ed25519

tetsefly10y ago

Looks like ed25519 was added in May 10th, 2015. [1]

     We claim version: SSH-2.0-PuTTY_Snapshot_2015_11_08.b003e5c
     Server version: SSH-2.0-OpenSSH_6.7p1 Debian-5
     Using SSH protocol version 2
     Doing ECDH key exchange with curve Curve25519 and hash SHA-256
     Host key fingerprint is:
     ssh-ed25519 256 <fingerprint>
     Initialised ChaCha20 client->server encryption
     Initialised Poly1305 client->server MAC algorithm (in ETM mode) (required by cipher)
     Initialised ChaCha20 server->client encryption
     Initialised Poly1305 server->client MAC algorithm (in ETM mode) (required by cipher)

I'm no expert, and this might not be what you are talking about, but to my untrained eye, it does?

Now, to get back on topic, they believe that the attack would already need access to the server.

[1] http://tartarus.org/~simon-git/gitweb/?p=putty-wishlist.git;...

MrRadar10y ago

Ed25519 and ChaCha20-Poly1305 support are present in Git but not in any released version yet.

1 more reply

Bud10y ago· 1 in thread

You know what I love about PuTTY? It's been around since the Clinton Administration (debuted in 1998), but it's still only at version 0.66.

What will it take to get a version 1.0? Sentience?

vacri10y ago

My favourite was the roguelike ADoM, which went up to 0.99, then alpha through gamma, then up to gamma 16, for a final version of 0.99gamma16 before tripping over to 1.0.

mappu10y ago· 1 in thread

MinTTY in Cygwin is based on the terminal emulation code from PuTTY, is it affected by the same CVE-2015-5309 ?

voltagex_10y ago

I'd also like to know this, but won't have time to check. There's also many many forks of PuTTY that'll need to be updated.

MaulingMonkey10y ago· 1 in thread

My TtyRec player is PuTTY based <_<. Updates.

fabulist10y ago

don't forget to restart, as well.

mlhamel10y ago· 1 in thread

Is there anywhere sources of putty available?

DanBC10y ago

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.h...