Friday, August 27, 2010
PoTTy DLL Hijack Vulnerability
NAME: PoTTy v0.60
=================
VENDOR: Mr. Hinky Dink
======================
PoTTy, an Open Source, modified version of Simon Tatham's PuTTy (Windows version, v0.60) for Bruce Leidl's Obfuscated-OpenSSH v5.2 server, has been demonstrated vulnerable to the recent Windows DLL hijacking exploit(s).
PROOF OF CONCEPT
================
See storm's (storm@gonullyourself.org) exploit code at http://www.exploit-db.com/exploits/14796/
VENDOR RESPONSE
===============
WTF? How do I fix this?
REMEDIATION
===========
Stop running Windows.
HISTORY
=======
08/27/2010 - Vendor notified
08/27/2010 - Vendor craps pance
08/27/2010 - Vendor decides any publicity is good publicity
08/27/2010 - Vendor publishes details
LINKS:
======
Vendor Response: http://proxyobsession.net/?p=1097
PoTTy Download Page: http://www.mrhinkydink.com/potty.htm
Obfuscated-OpenSSH: http://github.com/brl/obfuscated-openssh
c. MMX Mr. Hinky Dink
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment