https://www.securityfocus.com/bid/82427
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-076

PuTTY是软件开发者SimonTatham所研发的一套免费的Telnet、Rlogin和SSH客户端软件。该软件主要用于对Linux系统进行远程管理。PuTTY0.56PSFTPPSCP客户端中的(1)sftp_pkt_getstring(2)fxp_readdir_recv函数允许远程的恶意网站通过SFTP响应造成的堆错误而执行任意的代码。

PuTTY PUTTY 0.56

来源:IDEFENSE
名称:20050221MultiplePuTTYSFTPClientPacketParsingIntegerOverflowVulnerabilities
链接:http://www.idefense.com/application/poi/display?id=201&type;=vulnerabilities
来源:GENTOO
名称:GLSA-200502-28
链接:http://www.gentoo.org/security/en/glsa/glsa-200502-28.xml
来源:SECUNIA
名称:14333
链接:http://secunia.com/advisories/14333
来源:XF
名称:putty-sftppktgetstring-bo(19403)
链接:http://xforce.iss.net/xforce/xfdb/19403
来源:www.chiark.greenend.org.uk
链接:http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
来源:www.chiark.greenend.org.uk
链接:http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
来源:www-1.ibm.com
链接:http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002416
来源:www-1.ibm.com
链接:http://www-1.ibm.com/support/docview.wss?uid=ssg1S1002414
来源:SECUNIA
名称:17214
链接:http://secunia.com/advisories/17214