CVE-2013-4208

Sažetak

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

Reference

http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
http://secunia.com/advisories/54379
http://secunia.com/advisories/54533
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
http://www.debian.org/security/2013/dsa-2736
http://www.openwall.com/lists/oss-security/2013/08/06/11

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-03-2019 - 17:04

Objavljeno

19-08-2013 - 23:55