MGASA-2024-0140

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2024-0140.html
Import Source
https://advisories.mageia.org/MGASA-2024-0140.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2024-0140
Related
Published
2024-04-20T18:11:17Z
Modified
2024-04-20T17:54:20Z
Summary
Updated putty & filezilla packages fix security vulnerability
Details

The PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures can either be harvested by a malicious server (man-in-the-middle attacks are not possible given that clients do not transmit their signature in the clear) or from any other source, e.g. signed git commits through forwarded agents. The nonce generation for other curves is slightly biased as well. However, the bias is negligible and far from enough to perform lattice-based key recovery attacks (not considering cryptanalytical advancements).

References
Credits

Affected packages

Mageia:9 / putty

Package

Name
putty
Purl
pkg:rpm/mageia/putty?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.81-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / filezilla

Package

Name
filezilla
Purl
pkg:rpm/mageia/filezilla?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.67.0-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / libfilezilla

Package

Name
libfilezilla
Purl
pkg:rpm/mageia/libfilezilla?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.47.0-1.mga9

Ecosystem specific 

{
    "section": "core"
}