Wing FTP Software

Posted: **Fri Oct 19, 2018 1:51 pm**

Hello,

A flaw in libssh was published a few days ago, https://threatpost.com/libssh-authentic ... rs/138399/" rel="nofollow

From your release notes I can see that in Wing FTP Server v4.8.7, Released: 19/Apr/2017, you updated to libssh 0.7.5. Is there a timeframe for updating to 0.7.6 to mitigate this serious vulnerability?

Thanks,

Posted: **Fri Oct 19, 2018 3:23 pm**

This needs patched ASAP, Wing FTP instances are sitting ducks until this is resolved unless they're somehow not vulnerable.

Posted: **Fri Oct 19, 2018 4:10 pm**

OK, SFTP authentication part is handled by WingFTP, not libssh. So I think WingFTP won't be effected by this vulnerability.

Posted: **Fri Oct 19, 2018 4:39 pm**

Is a new release still planned or are you confident the current version isn't vulnerable? Thanks!

Posted: **Fri Oct 19, 2018 5:07 pm**

Yes, in WingFTP, SFTP authentication is not handled libssh. Anyway, we will update libssh in the next release, not for this vulnerability.

Posted: **Mon Oct 22, 2018 9:21 am**

Thanks for the clarification

Posted: **Mon Nov 05, 2018 12:36 pm**

The new version 6.0.1 has been released, and libssh is updated to v0.7.7 now.

Wing FTP Software

libssh Vulnerability

libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability