Launchpad CVE tracker

CVE 2015-2157

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

Related bugs and status

CVE-2015-2157 (Candidate) is related to these bugs:

Bug #1467631: CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory

		In	Importance	Status
1467631	CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory	putty (Ubuntu)	Low	Fix Released
1467631	CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory	putty (Ubuntu Precise)	Low	Won't Fix
1467631	CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory	putty (Ubuntu Utopic)	Low	Fix Released
1467631	CVE-2015-2157 - SSH2 Private Keys Not Properly Wiped from Memory	putty (Ubuntu Trusty)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015022...
MLIST: [oss-security] 2015022...
CONFIRM: http://www.chiark.gree...
CONFIRM: http://www.chiark.gree...
DEBIAN: DSA-3190
FEDORA: FEDORA-2015-3070
FEDORA: FEDORA-2015-3204
SUSE: openSUSE-SU-2015:0474
FEDORA: FEDORA-2015-3160
BID: 72825

Launchpad.net

CVE 2015-2157

Related bugs and status

Related bugs

References