CVE-2006-7162

NameCVE-2006-7162
DescriptionPuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs400804

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
putty (PTS)jessie, jessie (lts)0.63-10+deb8u2fixed
stretch (security), stretch (lts), stretch0.67-3+deb9u1fixed
buster (security), buster, buster (lts)0.74-1+deb11u1~deb10u2fixed
bullseye0.74-1+deb11u2fixed
bullseye (security)0.74-1+deb11u1fixed
bookworm0.78-2+deb12u2fixed
bookworm (security)0.78-2+deb12u1fixed
sid, trixie0.82-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
puttysource(unstable)0.59-1unimportant400804

Notes

Unsafe default, but not a vulnerability
Sensitive operations like key generation should only be done in private home

Search for package or bug name: Reporting problems