Stairwell threat report: Vulnerable PuTTY SSH libraries (CVE-2024-31497)

Background

The CVE-2024-31497 PuTTY vulnerability could allow an attacker to reconstruct the private key used in key-based authentication by observing cryptographic signatures. The PuTTY SSH libraries are not only used in the PuTTY suite of tools but in many other open-source and commercial software. PuTTY suite versions 0.81 and greater resolve the vulnerability; however, third-party software must update from the new libraries.

Many enterprise and cloud deployments leverage key-based authentication for management, automation, source repository access, and software deployment. When vulnerable PuTTY library versions are used, and an attacker can observe signatures, they can reconstruct the private key and gain access to sensitive and critical assets. Even though this vulnerability is not remotely exploitable, it could be considered high risk given the impact that a single compromised private key could cause in many enterprises.

Potentially vulnerable software

In addition to the software listed in the NIST advisory, which includes WinSCP, TortoiseGIT, and FileZilla, the Stairwell team has identified other software that may contain the vulnerable library. This software, identified within the Stairwell platform using the YARA rule below, was not included in the NIST advisory at the time of writing:

See the NIST advisory for more information on vulnerable software. Stairwell recommends that security and threat teams conduct the necessary assessments to ensure the varying software they leverage within their environments does not contain the vulnerable library and, if it is found, that they take immediate remediation actions to correct it.

Known vulnerable hashes

Stairwell users can find potentially vulnerable PuTTY binaries using the following query:

pe.product_version < "Release 0.81" && pe.product_name.contains("PuTTy suite")

Here is a non-comprehensive list of vulnerable hashes:

06861c22056919216f925892334ba29b4a2848a7a09c3611540b16e993fd6cc3 w64/plink.exe b0df9f1c67b830d5c4e2c88565e6c12b08a6634a3c1d234627ffa95fb5e8bcef w64/pageant.exe a78f4a4937ee5aca61d66bc5168b6becbd7c273a37e0ec5f8a42818ac61e1e34 w64/pscp.exe eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4 w64/putty.exe 939b9b93cbf54628c83752a971bcfb267d63cc389ca1d5b77705903111e0d631 w64/psftp.exe 43142ccb51cf329049dec3bf9adf61bfad0fb35d6e8ec3c9fafae70dfe292adf Motty 863c2115f7aa27523647b180bc797584e70b21c7bc14bb4ef4de7ea88dd99c9c Motty ffcf926b44c43f31a57c0ba2a1b535163473d4cadf9f726092ebd95bcf648d14 Motty 8029acfb8350117145762edd84ffab625bc736e12cfce7ce8f0f4030b184d904 Motty 863c2115f7aa27523647b180bc797584e70b21c7bc14bb4ef4de7ea88dd99c9c MobaSCP 0898135879ff775f9560047ee2765a6884ee10d638e9d9eea0e7631296064701 Filezilla 6ac47904238560a22de6477456a29ddea3d6305dd2139a4904f10b514f7b3915 Filezilla 0b28bef2023439d3ca54c01dcbaa30d6230e470faffb02e977463956043386bb Filezilla 66c6b1c04611ef6f1b14396389fd5796c98b68e3ae6a7681820b5620741e3763 OSX Filezilla 0ae9e97597303e2d69bfebdd64f27b6629ba6931a76f29f063bffddb8d622ae Royal TS eb2d349d4b813c08515a591467a4c65941a9cd24fd1506d104f42441756c45af Royal TS d3296b9723051094ff8accbc2f17698cae38f2e9e7f9b48cee0199e50b217396 Royal TS 7de6187a1c41cdf3a47687ea6314f169963a95d549f423574ae35e5e7cb365a1 Goodsync 8a4c38d46ba4bcc5b1fde66a52da48d627e24a9581ccac9d7e976d7d471a608e NetBox: SFTP/FTP/FTPS/SCP/WebDAV client for Far Manager 60806dd1966a76f87024f2d254075b84cd0a50bdc0d455067afa772102201220 CyberArk Privileged Session Manager aad7206fa738212ad0e0f0876013b0d3c93e982a85b82525c77e7e0f98755abe Kitty d4621052983ccebeaf3a92d671b88d1d4e9a2a4cc6107e87c77da3e142118128 Mobatech MobaXterm 9ba8d6f7f689ee5529843812d6feb574af10a8fba81c3434128b8a468e040552 Mobatech MobaXterm be9936ef11fec2b2b9823c3d66d1e02f46bcad6850b080a34e14af9b279d6262 Mobatech MobaXterm

YARA rule

The patch to fix the vulnerability removes the custom ECDSA k generator and instead moves to RFC6979-based implementation, which can be seen in this commit.

Using this change, we can see the string “ECDSA deterministic k generator” exists in versions pre-0.81 but no longer in 0.81 and beyond. This applies to all software using the vulnerable PuTTY code such as FileZilla, WinSCP, and other tools. Only binaries with this string implement the vulnerable ECDSA code, making it a good signature for finding vulnerable versions.

This YARA rule can be used to find the vulnerable code in many third-party software products that have incorporated the Putty libraries.

rule CVE_2024_31497_Putty_ECSDA { meta: author="Matt Richard ([email protected])" date="2024-04-17" description="Finds putty weak ecc-ssh ECDSA generator CVE-2024-31497" reference="https://git.tartarus.org/?p=simon/putty.git;a=commit;h=c193fe9848f50a88a4089aac647fecc31ae96d27" hash="b0df9f1c67b830d5c4e2c88565e6c12b08a6634a3c1d234627ffa95fb5e8bcef" hash="a78f4a4937ee5aca61d66bc5168b6becbd7c273a37e0ec5f8a42818ac61e1e34" hash="512e27ef54ccaca2dded62e43b7983bff7c29ef911ce504d099253ff03ef73da" hash="71cf414127887dcc4e5282bafd6e67a7dd1840d6d25a03af1664eceda2c6816a" hash="33971e14b7dd85326bc6d50aca9dd506e68e9104f2811dcbd07fe92bfcbcbb50" hash="b830f9c9130c60f31829707ce94dd868db458494af3d9d9b380909ebd32c7ddd" hash="eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4" hash="97917d2459a395fde40c70bebe1b133624d83ad875d44164b940015996ef7ceb" strings: $dsa_str = "ECDSA deterministic k generator" condition: $dsa_str }

Threat report: xz backdoor

Research

Threat report: xz backdoor

How Stairwell users have insight into xz backdoor in their organizations, pIus IOCs & YARA rules.

Mastering asset management

Webinars & videos

Mastering asset management

Learn how to master asset management within the Stairwell platform.

Engineering: Generating synthetic traffic to monitor system health

Blogs

Engineering: Generating synthetic traffic to monitor system health

How do you have confidence your app is working the way it should be? Let's talk creating a prober.