Hello,
A flaw in libssh was published a few days ago, https://threatpost.com/libssh-authentic ... rs/138399/" rel="nofollow
From your release notes I can see that in Wing FTP Server v4.8.7, Released: 19/Apr/2017, you updated to libssh 0.7.5. Is there a timeframe for updating to 0.7.6 to mitigate this serious vulnerability?
Thanks,
libssh Vulnerability
-
- Posts: 2
- Joined: Fri Oct 19, 2018 3:21 pm
Re: libssh Vulnerability
This needs patched ASAP, Wing FTP instances are sitting ducks until this is resolved unless they're somehow not vulnerable.
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: libssh Vulnerability
OK, SFTP authentication part is handled by WingFTP, not libssh. So I think WingFTP won't be effected by this vulnerability.
-
- Posts: 2
- Joined: Fri Oct 19, 2018 3:21 pm
Re: libssh Vulnerability
Is a new release still planned or are you confident the current version isn't vulnerable? Thanks!
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: libssh Vulnerability
Yes, in WingFTP, SFTP authentication is not handled libssh. Anyway, we will update libssh in the next release, not for this vulnerability.
-
- Posts: 2
- Joined: Fri Oct 19, 2018 1:47 pm
Re: libssh Vulnerability
Thanks for the clarification
-
- Site Admin
- Posts: 2080
- Joined: Tue Sep 29, 2009 6:09 am
Re: libssh Vulnerability
The new version 6.0.1 has been released, and libssh is updated to v0.7.7 now.