Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: January 05, 2009
Affected
The latest release (0.60) of PuTTY will always preferentially select CTR-mode ciphers over CBC-mode, and cannot even be configured by the user to do otherwise. Therefore, it is immune to this vulnerability when talking to any server which supports CTR mode. Development snapshots of PuTTY beginning with 2008-11-27 will contain a countermeasure which avoids leaking information through this attack even when operating in CBC mode. Future releases of PuTTY will also contain this countermeasure. (That is, the countermeasures will prevent PuTTY from leaking information about data previously sent from the server to the client. Protecting data sent from client to server, such as passwords, must be done by the server.) We are currently not treating this vulnerability as severe enough to warrant an emergency security release.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: November 07, 2008 Updated: January 12, 2009
Affected
VShell® version 3.5.1 and earlier, SecureCRT® version 6.1.2 and earlier, SecureFX® version 6.1.2 and earlier, and VanDyke ClientPack 6.1.2 and earlier are potentially vulnerable to this attack.
The advisory recommends using the AES cipher in CTR mode rather than CBC mode. VShell for some platforms, SecureCRT, SecureFX, and the VanDyke ClientPack for some platforms now prefer the AES cipher in CTR mode by default. Please see the following web page for more information. http://www.vandyke.com/support/advisory/2008/12/cpni-957037.html
Notified: November 07, 2008 Updated: November 24, 2008
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.