PuTTY Information for VU#845620
Multiple RSA implementations fail to properly handle signatures
- Date Notified: 08 Sep 2006
- Statement Date:
- Date Updated: 11 Sep 2006
I do not believe that any program in the PuTTY suite is, or has ever been, vulnerable to this attack.
The RSA verification code is in the function rsa2_verifysig() in our source file sshrsa.c, and a quick inspection shows clearly that it rigorously enforces that the ASN.1 data and hash value must be at the very bottom of the PKCS#1 padded integer.
For good measure, our RSA key generator does not, and has never, generated keys with an exponent of 3. (This has nothing to do with whether we're vulnerable to the attack itself, of course, but it does mean we are also not generating keys which can be abused to mount the attack against other systems.)
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
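The kind of check the vendor statement describes, as an added example that is not PuTTY's code and not part of the original note: a strict PKCS#1 v1.5 encoded-message check that locates every field by counting from the bottom of the block, so nothing can follow the hash. SHA-1 as the digest, the 128-byte block size, and the names `pkcs1_sha1_em_ok` and `check_sample` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-1; the 20-byte hash follows it. */
static const unsigned char SHA1_DI[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
#define HASH_LEN 20
#define TAIL_LEN (1 + sizeof SHA1_DI + HASH_LEN) /* 00 || DigestInfo || hash */

/* em is the output of the RSA public operation, left-padded to the modulus
 * length. Accept only 00 01 FF..FF 00 || DigestInfo || hash, with the hash
 * occupying the lowest bytes. Positions are computed from the bottom, so
 * a block with anything after the hash cannot pass. */
int pkcs1_sha1_em_ok(const unsigned char *em, size_t em_len,
                     const unsigned char *hash)
{
    size_t i, sep;
    unsigned char bad;

    if (em_len < 2 + 8 + TAIL_LEN)   /* at least 8 bytes of FF padding */
        return 0;
    sep = em_len - TAIL_LEN;         /* index of the 00 separator */
    bad = em[0] | (em[1] ^ 0x01) | em[sep];
    for (i = 2; i < sep; i++)        /* every byte in between must be FF */
        bad |= em[i] ^ 0xff;
    for (i = 0; i < sizeof SHA1_DI; i++)
        bad |= em[sep + 1 + i] ^ SHA1_DI[i];
    for (i = 0; i < HASH_LEN; i++)
        bad |= em[sep + 1 + sizeof SHA1_DI + i] ^ hash[i];
    return bad == 0;
}

/* Constructed sample input: a 128-byte block with n_ff padding bytes; any
 * space left below the hash is filled with 0xAA. Returns the verdict. */
int check_sample(size_t n_ff)
{
    unsigned char em[128], hash[HASH_LEN];
    size_t p = 0;

    if (n_ff > sizeof em - 2 - TAIL_LEN) return -1;
    memset(hash, 0x5c, sizeof hash);       /* stand-in digest value */
    memset(em, 0xaa, sizeof em);
    em[p++] = 0x00; em[p++] = 0x01;
    memset(em + p, 0xff, n_ff); p += n_ff;
    em[p++] = 0x00;
    memcpy(em + p, SHA1_DI, sizeof SHA1_DI); p += sizeof SHA1_DI;
    memcpy(em + p, hash, HASH_LEN);
    return pkcs1_sha1_em_ok(em, sizeof em, hash);
}
```

Only the block with full-length padding (90 bytes of FF for a 128-byte block) is accepted; a block whose padding is shortened so that bytes remain below the hash is rejected.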