PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow vulnerabilities. The following individual issues are reported: The first reported vulnerability, an integer overflow, exists in the 'fxp_readdir_recv()' function of the 'sftp.c' source file. A remote malicious server may trigger this vulnerability in order to execute arbitrary code in the context of the user that is running the affected client. It should be noted that this vulnerability exists in a code path that is executed after host key verification occurs, this may hinder exploitation. The second issue, another integer overflow, is reported to exist in the 'sftp_pkt_getstring()' of the 'sftp.c' source file. A remote malicious server may trigger this vulnerability in order to crash the affected client or to potentially execute arbitrary code. It should be noted that this vulnerability exists in a code path that is executed after host key verification occurs, this may also hinder exploitation. These...
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow vulnerabilities. The following individual issues are reported: The first reported vulnerability, an integer overflow, exists in the 'fxp_readdir_recv()' function of the 'sftp.c' source file. A remote malicious server may trigger this vulnerability in order to execute arbitrary code in the context of the user that is running the affected client. It should be noted that this vulnerability exists in a code path that is executed after host key verification occurs, this may hinder exploitation. The second issue, another integer overflow, is reported to exist in the 'sftp_pkt_getstring()' of the 'sftp.c' source file. A remote malicious server may trigger this vulnerability in order to crash the affected client or to potentially execute arbitrary code. It should be noted that this vulnerability exists in a code path that is executed after host key verification occurs, this may also hinder exploitation. These vulnerabilities are reported to exist in versions of PSFTP and PSCP prior to version 0.57.
