{"id":162953,"date":"2024-05-10T05:23:45","date_gmt":"2024-05-10T05:23:45","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=162953"},"modified":"2024-05-10T05:23:47","modified_gmt":"2024-05-10T05:23:47","slug":"citrix-manually-update-putty-ssh-client","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/162953\/security\/citrix-manually-update-putty-ssh-client.html","title":{"rendered":"Citrix warns customers to update PuTTY version installed on their XenCenter system manually"},"content":{"rendered":"
<\/div>\n

Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin’s private SSH key.<\/h2>\n\n\n\n

Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY. <\/p>\n\n\n\n

The security flaw, tracked as CVE-2024-31497<\/a>, affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR, which includes PuTTY.<\/p>\n\n\n\n

The flaw resides in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. An attacker can exploit the vulnerability to recover NIST P-521 private keys.<\/gwmw><\/gwmw><\/p>\n\n\n\n

“An issue has been reported in versions of PuTTY prior to version 0.81; when used in conjunction with XenCenter, this issue may, in some scenarios, allow an attacker who controls a guest VM to determine the SSH private key of a XenCenter administrator who uses that key to authenticate to that guest VM while using an SSH connection.” reads the advisory<\/a>.<\/em><\/p>\n\n\n\n

The company recommends customers who do not want to use the \u201cOpen SSH Console\u201d functionality to remove the PuTTY component.\u00a0 Customers who wish to use the functionality should replace the PuTTY version installed on their XenCenter system with an updated version (with a version number of at least 0.81).<\/p>\n\n\n\n

The vulnerability CVE-2024-31497<\/a> was discovered by researchers Fabian B\u00e4umer and Marcus Brinkmann from the Ruhr University Bochum. B\u00e4umer explained that the vulnerability stems from the generation of biased ECDSA\u00a0cryptographic nonces, which could allow full secret key recovery.<\/p>\n\n\n\n

\u201cThe PuTTY client and all related components generate heavily biased ECDSA nonces in the case of NIST P-521. To be more precise, the first 9 bits of each ECDSA nonce are zero. This allows for full secret key recovery in roughly 60 signatures by using state-of-the-art techniques. These signatures can either be harvested by a malicious server (man-in-the-middle attacks are not possible given that clients do not transmit their signature in the clear) or from any other source, e.g. signed git commits through forwarded agents.\u201d\u00a0Baumer explained<\/a>. \u201cThe nonce generation for other curves is slightly biased as well. However, the bias is negligible and far from enough to perform lattice-based key recovery attacks (not considering cryptanalytical advancements).\u201d<\/em><\/gwmw><\/p>\n\n\n\n

The following products include an affected PuTTY version and are therefore are also impacted by the flaw:<\/p>\n\n\n\n