Subscribers to the BugTraq security mailing list got a belated and unwanted Christmas present over the weekend when someone posted exploit code for a set of recently discovered flaws in the SSHv2 protocol.
The code is designed to exploit one of the vulnerabilities in the PuTTY SSH client.
PuTTY is a freeware SSH and Telnet client for Windows systems. The BugTraq message, which carried the usual disclaimer that the code was for “educational/testing purposes” only, was posted by the security research division of a Spanish organization called I-Proyectos.
The SSH (Secure Shell) protocol is a transport-layer protocol that lets clients connect securely to a remote server. It's often used for remote administration.
The effect of exploiting one of the vulnerabilities varies by vendor and by vulnerability, but in some cases it could allow attackers to run code on remote machines.
Other effects include denial of service. Rapid7 Inc., the New York-based security company that found the vulnerabilities, tested only SSHv2 implementations. Most of the flaws involve memory access violations, and all of them lie in the greeting and key-exchange phase of the SSH transmission.
Although the exploit code was written for the PuTTY client, crackers regularly take such files and modify them to attack other vulnerable implementations. Security researchers often write exploits to test their own systems for vulnerabilities and then release the code publicly as a proof of concept. This is typically done after a patch is available, as was the case with the SSH vulnerabilities.