PuTTY security hole ?

Message

henriko · #1 Post by **henriko** » 2004-08-05 18:03

PuTTY was updated 2004-08-03 because of a security hole.

"PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible."

Does anybody know if the same bug affects filezilla ?

Im am not an Filezilla-developer, so I really do not have a clue. But I know that Filezilla uses parts of PuTTY.

#2 Post by **botg** » 2004-08-05 22:24

Thanks for reporting. The fixes have already been applied to the FZ CVS repositors. Version 2.2.8 will be released no later than Saturday.