
#1397 tortoiseplink contains vulnerable code CVE-2015-2157

1_-_Major
open
nobody
None
1
2015-05-22
2015-05-22
No

The Tortoise plink code is based on PuTTY .56, which has a known security vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2157

Also affected is CVSNT (:ssh: protocol) which we are working on fixing:
http://customer.march-hare.com/webtools/bugzilla/ttshow_bug.cgi?tt=1&id=6862

You may also want to update the Tortoise plink code:
http://tortoisecvs.cvs.sourceforge.net/viewvc/tortoisecvs/TortoiseCVS/src/TortoisePlink/SSHPUBK.C?revision=1.8&view=markup

The same patch I used on CVSNT will probably work for you:
http://customer.march-hare.com/webtools/bugzilla/attachment.cgi?tt=1&id=2806&action=view

Index: plink/putty/sshpubk.c

RCS file: /cvs/cvsnt/plink/putty/sshpubk.c,v
retrieving revision 1.1.2.1
diff -c -r1.1.2.1 sshpubk.c
*** plink/putty/sshpubk.c 4 Aug 2004 11:49:20 -0000 1.1.2.1
--- plink/putty/sshpubk.c 22 May 2015 06:52:10 -0000


*** 78,87 **
|| buf[i + 3] != 0) goto end; /
reserved field nonzero, panic!
/
i += 4;

! / Now the serious stuff. An ordinary SSH 1 public key. /
! i += makekey(buf + i, len, key, NULL, 1);
! if (i < 0)
goto end; / overran /

  if (pub_only) {
ret = 1;

--- 78,88 ----
|| buf[i + 3] != 0) goto end; / reserved field nonzero, panic! /
i += 4;

! / Now the serious stuff. An ordinary SSH-1 public key. /
! j = makekey(buf + i, len - i, key, NULL, 1);
! if (j < 0)
goto end; / overran /

  • i += j;

    if (pub_only) {
    ret = 1;
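
Review bot: `j` is assigned in the replacement lines (`j = makekey(buf + i, len - i, key, NULL, 1);`) but this patch has only this one hunk and it adds no declaration for `j`, so unless the enclosing function already declares an `int j` the file will not compile; add the declaration at the top of the function. The call now passes `len - i` as the remaining length, which is only meaningful if `i <= len` at this point. The visible context reads `buf[i + 3]` and then does `i += 4` with no bounds check in view, so confirm that the header length is checked before this point, or add a check before the call so that a negative remaining length never reaches `makekey`.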
