CVE-2006-7162 — Putty vulnerability

5 documents5 sources

Severity

1.9LOWNVD

EPSS

0.0%

top 87.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Putty Debian Putty

Timeline

PublishedMar 7

Latest updateMay 1

Description

PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/putty< putty 0.59-1 (bookworm)

▶Debianputty/putty< 0.59-1+3

▶NVDputty/putty0.59

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-72fv-g98m-465j: PuTTY 0↗2022-05-01

▶

OSV

CVE-2006-7162: PuTTY 0↗2007-03-07

▶

📋Vendor Advisories

Debian

CVE-2006-7162: putty - PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing p...↗2006

▶

💬Community

Bugzilla

CVE-2006-7162: putty <= 0.59 file permissions issues↗2007-03-10

▶