The latest insights from the load balancing experts | Loadbalancer.org

New PuTTY vulnerability "vuln-ech-overflow" identified - upgrade to 0.66 to protect your environment

9 November 2015 / 1 min read / Security

Information

Versions 0.54 to 0.65 of PuTTY, PuTTYtel and pterm are vulnerable to a potential exploit in the handling of ECH (erase characters). PuTTY stores the number of characters to be erased in a signed integer variable and did not adequately check for overflow, so an attacker could corrupt important data in certain circumstances. If a very large parameter was passed to ECH, PuTTY could inspect memory outside the terminal buffer and, should it find UCSWIDE at that location, potentially corrupt nearby memory.
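The class of bug described above, as an added example: a simplified model of a terminal line, not PuTTY's source code. `COLS` and the function names `end_col_unchecked`, `end_col_checked` and `erase_chars` are hypothetical; the example contrasts a range check performed after a signed addition with a clamp performed before it.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define COLS 80 /* constructed terminal width for the example */

/* Flawed pattern: end column = curs_x + n in a signed int, range check after.
 * Signed overflow is undefined in C, so the wrap a typical two's-complement
 * build produces is modelled here with unsigned arithmetic. */
static int end_col_unchecked(int curs_x, int n)
{
    int end = (int)((unsigned)curs_x + (unsigned)n); /* wraps negative for huge n */
    if (end > COLS) /* only catches sums that did not wrap */
        end = COLS;
    return end;
}

/* Hardened pattern: clamp n against the space left on the line first.
 * COLS - curs_x cannot overflow once curs_x is known to be in [0, COLS]. */
static int end_col_checked(int curs_x, int n)
{
    if (curs_x < 0 || curs_x > COLS)
        return -1; /* cursor itself is invalid */
    if (n < 0)
        n = 0;
    if (n > COLS - curs_x)
        n = COLS - curs_x;
    return curs_x + n;
}

/* Erase up to n cells from the cursor; returns cells erased, or -1. */
static int erase_chars(char line[COLS], int curs_x, int n)
{
    int end = end_col_checked(curs_x, n);
    if (end < 0)
        return -1;
    memset(line + curs_x, ' ', (size_t)(end - curs_x));
    return end - curs_x;
}

int main(void)
{
    char line[COLS];
    memset(line, 'x', sizeof line);
    printf("unchecked end: %d\n", end_col_unchecked(10, INT_MAX));
    printf("checked end:   %d\n", end_col_checked(10, INT_MAX));
    printf("erased cells:  %d\n", erase_chars(line, 10, INT_MAX));
    return 0;
}
```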

We strongly encourage our customers to ensure that (where possible) they are running current, patched versions of PuTTY to minimise the potential to be affected by this vulnerability. It has been remediated in version 0.66, which was published on 07 November 2015.

More in-depth information is available at the links below.

Resources

  • http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
  • CVE-2015-5309


About the author

Dave Saunders

Having previously worked as a system administrator at IBM for over 12 years, maintaining infrastructure used by a global team, Dave joined the Loadbalancer.org support team to further develop his skillset and gain experience of varied customer environments.
