CVE-2004-1008

Name of the Vulnerable Software and Affected Versions: PuTTY versions prior to 0.56

Description: The issue is related to an integer signedness error in the ssh2 rdpkt function, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a SSH2 MSG DEBUG packet with a modified stringlen parameter, leading to a buffer overflow.

Recommendations: For versions prior to 0.56, update to version 0.56 or later to resolve the issue. As a temporary workaround, consider restricting access to the ssh2 rdpkt function until a patch is available. Avoid using the stringlen parameter in the affected SSH2 MSG DEBUG packet until the issue is resolved.