The security research division of Spanish firm I-Proyectos posted the code to exploit the SSH flaws in the freeware Putty SSH and Telnet client for Windows systems. The code was posted on the BugTraq mailing list and was meant for ""educational/testing purposes" only, the firm said.
However, security advocates noted that the code could be modified to attack vulnerabilities in other SSH clients, which are typically used as a secure replacement for rlogin, rsh, rcp and rdist.
SSH is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides authentication and secure communications over insecure channels, but the flaws found by New York-based Rapid7 could be used by hackers to execute arbitrary code with the privileges of the secure SSH process or cause a denial of service. The vulnerabilities occur before user authentication takes place.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iThe public posting of the exploit code potentially makes it easy for attackers to target unpatched systems and again raises the debate over the responsible disclosure of vulnerabilities. The Internet Security Systems (ISS)
was forced to go public with its Vulnerability Disclosure Guidelines in the face of criticisms over its handling of software security alerts.
The public release of the ISS Disclosure Guidelines came just weeks after security experts chided the firm for releasing information about security flaws in the BIND server and Sun's Solaris Font Service before giving the affected vendors enough time to issue patches or fixes.
While the posting of exploit code by research firms is somewhat rare, proof-of-concept code has been released in the past once a patch has been issued.
Appropriate patches for the SSH vulnerabilities have been issued by most vendors and the latest exploit code was tested and executed against putty 0.52 running on Windows XP Windows 2000.