CVE-2017-6542
CRITICAL
PuTTY < 0.68 - Buffer Overflow via SSH Agent Protocol Message
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-6542. PoCs published by Tim Kosse.
AI-analyzed exploit summary: The writeup describes an integer overflow vulnerability in PuTTY's ssh_agent_channel_data function, which can lead to heap corruption when processing forwarded SSH agent connections. The provided PoC demonstrates a crash via a crafted payload sent to the SSH_AUTH_SOCK socket.
Description
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.
Exploits (1)
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H