New PuTTY Version Fixes Major Security Hole

Posted on August 17, 2004

If you use the excellent Windows SSH client PuTTY, make sure to go update to the latest version, 0.55, as soon as possible:

2004-08-03 SECURITY HOLE, fixed in PuTTY 0.55

PuTTY 0.55, released today, fixes a serious security hole which may allow a server to execute code of its choice on a PuTTY client connecting to it. In SSH2, the attack can be performed before host key verification, meaning that even if you trust the server you think you are connecting to, a different machine could be impersonating it and could launch the attack before you could tell the difference. We recommend everybody upgrade to 0.55 as soon as possible.

Jason Lefkowitz

Jason A. Lefkowitz is a programmer and writer. For his sins, he lives in Myrtle Beach, South Carolina. This is his "blog." (Kids, ask your parents.)

Odds ‘n Ends

Except where otherwise noted, all content on this Web site is provided under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Web feedA web feed for this site is available, in Atom 1.0 format.

Fonts by TypeKit. For turbo nerds, a colophon is available here.