New PuTTY Fixes Security Flaw
- 0
- Add a Comment
- No Related Post
If you use PuTTY to access your various Linux/Unix servers from a Windows machine, you’ll want to download the latest upgrade to fix a new security flaw.
From the PuTTY announcement:
“PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.”
This also means that if you’re logging on to a compromised box - whether unintentionally or to troubleshoot/clean - you’ve just made yourself the next victim.