The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-08a4a5ead8 advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 080936ba-fbb7-11ee-abc8-6960f2492b1d advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202407-11 (PuTTY: Multiple Vulnerabilities)

    Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below     for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8401d42de6 advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cba85cc558 advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff9a2fb31c advisory.

  - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a     user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially     important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The     required set of signed messages may be publicly readable because they are stored in a public Git service     that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-     forwarding mechanism. In other words, an adversary may already have enough signature information to     compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a     key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A     second, independent scenario is that the adversary is an operator of an SSH server to which the victim     authenticates (for remote login or file copy), even though this server is not fully trusted by the victim,     and the victim uses the same private key for SSH connections to other services operated by other entities.
    Here, the rogue server operator (who would otherwise have no way to determine the victim's private key)     can derive the victim's private key, and then use it for unauthorized access to those other services. If     the other services include Git services, then again it may be possible to conduct supply-chain attacks on     software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,     TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6. (CVE-2024-31497)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3839 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3839-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     June 20, 2024                                 https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : putty     Version        : 0.74-1+deb11u1~deb10u2     CVE ID         : CVE-2024-31497

    A biased ECDSA nonce generation allowed an attacker     to recover a user's NIST P-521 secret key via a quick attack in     approximately 60 signatures. In other words, an adversary     may already have enough signature information to compromise a victim's     private key, even if there is no further use of vulnerable PuTTY     versions.

    This allowed an attacker to (for instance) log in to any servers     the victim uses that key for.

    To obtain these signatures, an attacker need only briefly compromise     any server the victim uses the key to authenticate to.

    Therefore, if you have any NIST-P521 ECDSA key, we strongly recommend     you to replace it with a freshly new created with a fixed version of     putty. Then, to revoke the old public key and remove it from any     machine where you use it to login into, so that a signature     from the compromised key has no value any more.

    The only affected key type is 521-bit ECDSA. That is, a key that appears     in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the     'Key fingerprint' box, or is described as 'NIST p521', or has an id     starting ecdsa-sha2-nistp521 in the SSH protocol or the key file.
    Other sizes of ECDSA, and other key algorithms, are unaffected.
    In particular, Ed25519 is not affected.

    For Debian 10 buster, this problem has been fixed in version     0.74-1+deb11u1~deb10u2.

    We recommend that you upgrade your putty packages.

    For the detailed security status of putty please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/putty

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
193903	Fedora 38 : putty (2024-08a4a5ead8)	Nessus	Fedora Local Security Checks	4/25/2024	5/13/2024	medium
193367	FreeBSD : PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key (080936ba-fbb7-11ee-abc8-6960f2492b1d)	Nessus	FreeBSD Local Security Checks	4/16/2024	5/13/2024	medium
201917	GLSA-202407-11 : PuTTY: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	7/5/2024	7/5/2024	medium
193455	Fedora 39 : filezilla / libfilezilla (2024-8401d42de6)	Nessus	Fedora Local Security Checks	4/18/2024	5/13/2024	medium
193806	openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)	Nessus	SuSE Local Security Checks	4/24/2024	5/13/2024	medium
193865	Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)	Nessus	Fedora Local Security Checks	4/25/2024	5/13/2024	medium
193907	Fedora 39 : putty (2024-cba85cc558)	Nessus	Fedora Local Security Checks	4/26/2024	5/13/2024	medium
194522	Fedora 40 : filezilla / libfilezilla (2024-ff9a2fb31c)	Nessus	Fedora Local Security Checks	4/29/2024	5/13/2024	medium
193433	PuTTY < 0.81 Key Recovery Attack Vulnerability	Nessus	Windows	4/17/2024	4/19/2024	high
200783	Debian dla-3839 : pterm - security update	Nessus	Debian Local Security Checks	6/20/2024	6/20/2024	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

high

medium