SSH Putty Exploit Code Posted | Internet News

Written By
Ryan Naraine
Jan 2, 2003

Exploit code for potentially serious vulnerabilities in multiple implementations of SSH has been posted on
the Web, prompting another round of debate over the way security disclosures
are handled by research firms.

The security research division of Spanish firm I-Proyectos posted the
code to exploit the SSH flaws in the freeware PuTTY SSH and Telnet client
for Windows systems. The code was posted on the BugTraq mailing list and was
meant for “educational/testing purposes” only, the firm said.

However, security advocates noted that the code could be modified to
attack vulnerabilities in other SSH clients, which are typically used as a
secure replacement for rlogin, rsh, rcp and rdist.

SSH is a program to log into another computer over a network, to execute
commands on a remote machine, and to move files from one machine to another.
It provides authentication and secure communications over insecure channels,
but the flaws found by New York-based Rapid7 could be used by hackers to
execute arbitrary code with the privileges of the secure SSH process or
cause a denial of service. The vulnerabilities occur before user
authentication takes place.

The public posting of the exploit code potentially makes it easy for
attackers to target unpatched systems and again raises the debate over the
responsible disclosure of vulnerabilities. Internet Security Systems
(ISS) was forced to go public with its Vulnerability Disclosure Guidelines
in the face of criticism over its handling of software security alerts.

The public release of the ISS Disclosure Guidelines came just weeks
after security experts chided the firm for releasing information about
security flaws in the BIND server and Sun’s Solaris Font Service before
giving the affected vendors enough time to issue patches or fixes.

While the posting of exploit code by research firms is somewhat rare,
proof-of-concept code has been released in the past once a patch has been
issued.

Appropriate patches for the SSH vulnerabilities have been issued by most
vendors, and the latest exploit code was tested and executed against PuTTY
0.52 running on Windows XP and Windows 2000.
