Stairwell threat report: Vulnerable PuTTY SSH libraries (CVE-2024-31497)
On 15 April 2024, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum identified a vulnerable implementation of DSA for certain elliptic curve configurations in the 0.68 – 0.80 versions of PuTTY SSH libraries. This vulnerability has been assigned CVE-2024-31497.
In this blog, you’ll find:
- A list of potentially vulnerable software identified by the Stairwell platform and not mentioned in the NIST advisory
- Known vulnerable hashes
- A YARA rule created by Stairwell to aid in the detection of vulnerable binaries
- A brief overview of this supply chain vulnerability
As with the recent xz backdoor, a threat report with the known hashes and a YARA rule has already been added to the Stairwell platform to aid users in detection — enabling them to quickly find software supply chain vulnerabilities and software packages like these across their entire environment or have evidence of their absence.
Background
The CVE-2024-31497 PuTTY vulnerability could allow an attacker to reconstruct the private key used in key-based authentication by observing cryptographic signatures. The PuTTY SSH libraries are not only used in the PuTTY suite of tools but in many other open-source and commercial software. PuTTY suite versions 0.81 and greater resolve the vulnerability; however, third-party software must update from the new libraries.
Many enterprise and cloud deployments leverage key-based authentication for management, automation, source repository access, and software deployment. When vulnerable PuTTY library versions are used, and an attacker can observe signatures, they can reconstruct the private key and gain access to sensitive and critical assets. Even though this vulnerability is not remotely exploitable, it could be considered high risk given the impact that a single compromised private key could cause in many enterprises.
Potentially vulnerable software
In addition to the software listed in the NIST advisory, which includes WinSCP, TortoiseGIT, and FileZilla, the Stairwell team has identified other software that may contain the vulnerable library. This software, identified within the Stairwell platform using the YARA rule below, was not included in the NIST advisory at the time of writing:
See the NIST advisory for more information on vulnerable software. Stairwell recommends that security and threat teams conduct the necessary assessments to ensure the varying software they leverage within their environments does not contain the vulnerable library and, if it is found, that they take immediate remediation actions to correct it.
Known vulnerable hashes
Stairwell users can find potentially vulnerable PuTTY binaries using the following query:
pe.product_version < "Release 0.81" && pe.product_name.contains("PuTTy suite")
Here is a non-comprehensive list of vulnerable hashes:
06861c22056919216f925892334ba29b4a2848a7a09c3611540b16e993fd6cc3 w64/plink.exe
b0df9f1c67b830d5c4e2c88565e6c12b08a6634a3c1d234627ffa95fb5e8bcef w64/pageant.exe
a78f4a4937ee5aca61d66bc5168b6becbd7c273a37e0ec5f8a42818ac61e1e34 w64/pscp.exe
eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4 w64/putty.exe
939b9b93cbf54628c83752a971bcfb267d63cc389ca1d5b77705903111e0d631 w64/psftp.exe
43142ccb51cf329049dec3bf9adf61bfad0fb35d6e8ec3c9fafae70dfe292adf Motty
863c2115f7aa27523647b180bc797584e70b21c7bc14bb4ef4de7ea88dd99c9c Motty
ffcf926b44c43f31a57c0ba2a1b535163473d4cadf9f726092ebd95bcf648d14 Motty
8029acfb8350117145762edd84ffab625bc736e12cfce7ce8f0f4030b184d904 Motty
863c2115f7aa27523647b180bc797584e70b21c7bc14bb4ef4de7ea88dd99c9c MobaSCP
0898135879ff775f9560047ee2765a6884ee10d638e9d9eea0e7631296064701 Filezilla
6ac47904238560a22de6477456a29ddea3d6305dd2139a4904f10b514f7b3915 Filezilla
0b28bef2023439d3ca54c01dcbaa30d6230e470faffb02e977463956043386bb Filezilla
66c6b1c04611ef6f1b14396389fd5796c98b68e3ae6a7681820b5620741e3763 OSX Filezilla
0ae9e97597303e2d69bfebdd64f27b6629ba6931a76f29f063bffddb8d622ae Royal TS
eb2d349d4b813c08515a591467a4c65941a9cd24fd1506d104f42441756c45af Royal TS
d3296b9723051094ff8accbc2f17698cae38f2e9e7f9b48cee0199e50b217396 Royal TS
7de6187a1c41cdf3a47687ea6314f169963a95d549f423574ae35e5e7cb365a1 Goodsync
8a4c38d46ba4bcc5b1fde66a52da48d627e24a9581ccac9d7e976d7d471a608e NetBox: SFTP/FTP/FTPS/SCP/WebDAV client for Far Manager
60806dd1966a76f87024f2d254075b84cd0a50bdc0d455067afa772102201220 CyberArk Privileged Session Manager
aad7206fa738212ad0e0f0876013b0d3c93e982a85b82525c77e7e0f98755abe Kitty
d4621052983ccebeaf3a92d671b88d1d4e9a2a4cc6107e87c77da3e142118128 Mobatech MobaXterm
9ba8d6f7f689ee5529843812d6feb574af10a8fba81c3434128b8a468e040552 Mobatech MobaXterm
be9936ef11fec2b2b9823c3d66d1e02f46bcad6850b080a34e14af9b279d6262 Mobatech MobaXterm
YARA rule
The patch to fix the vulnerability removes the custom ECDSA k generator and instead moves to RFC6979-based implementation, which can be seen in this commit.
Using this change, we can see the string “ECDSA deterministic k generator” exists in versions pre-0.81 but no longer in 0.81 and beyond. This applies to all software using the vulnerable PuTTY code such as FileZilla, WinSCP, and other tools. Only binaries with this string implement the vulnerable ECDSA code, making it a good signature for finding vulnerable versions.
This YARA rule can be used to find the vulnerable code in many third-party software products that have incorporated the Putty libraries.
rule CVE_2024_31497_Putty_ECSDA
{
meta:
author="Matt Richard ([email protected])"
date="2024-04-17"
description="Finds putty weak ecc-ssh ECDSA generator CVE-2024-31497"
reference="https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c193fe9848f50a88a4089aac647fecc31ae96d27"
hash="b0df9f1c67b830d5c4e2c88565e6c12b08a6634a3c1d234627ffa95fb5e8bcef"
hash="a78f4a4937ee5aca61d66bc5168b6becbd7c273a37e0ec5f8a42818ac61e1e34"
hash="512e27ef54ccaca2dded62e43b7983bff7c29ef911ce504d099253ff03ef73da"
hash="71cf414127887dcc4e5282bafd6e67a7dd1840d6d25a03af1664eceda2c6816a"
hash="33971e14b7dd85326bc6d50aca9dd506e68e9104f2811dcbd07fe92bfcbcbb50"
hash="b830f9c9130c60f31829707ce94dd868db458494af3d9d9b380909ebd32c7ddd"
hash="eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4"
hash="97917d2459a395fde40c70bebe1b133624d83ad875d44164b940015996ef7ceb"
strings:
$dsa_str = "ECDSA deterministic k generator"
condition:
$dsa_str
}