Download
| Alert*
|
oval:org.secpod.oval:def:1800799
Prior to any download in the SCP sink protocol, the server sends a line of text consisting of an octal number encoding Unix file permissions, a decimal number encoding the file size,and the file name. Since the file size can exceed 232 bytes, and in some compilation configurations of PuTTY the host ... oval:org.secpod.oval:def:34009 The host is installed with PuTTY before 0.67 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the SCP command-line utility, which fails to handle a crafted SCP-SINK file-size response to an SCP download request. Successful exploitation allows remote servers to cause ... |
