Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
Vulnerability Description
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an ntlm hash out of the victim's machine to an attacker controlled remote host. An attacker can use password cracking tools or NetNTLMv2 hashes to Pass the Hash. Version 3.7.5 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
mintty 输入验证错误漏洞
Vulnerability Description
mintty是mintty开源的应用软件Cygwin终端仿真器,也可用于MSYS 和Msys2。 mintty 2.3.6版本至3.7.4版本存在输入验证错误漏洞,该漏洞源于转义序列处理不当,可能导致NTLM哈希泄露。
CVSS Information
N/A
Vulnerability Type
N/A