libssh Vulnerability

fn-sysop · Post by **fn-sysop** » Fri Oct 19, 2018 1:51 pm

Hello,

A flaw in libssh was published a few days ago, https://threatpost.com/libssh-authentic ... rs/138399/" rel="nofollow

From your release notes I can see that in Wing FTP Server v4.8.7, Released: 19/Apr/2017, you updated to libssh 0.7.5. Is there a timeframe for updating to 0.7.6 to mitigate this serious vulnerability?

Thanks,

jadams5 · Post by **jadams5** » Fri Oct 19, 2018 3:23 pm

This needs patched ASAP, Wing FTP instances are sitting ducks until this is resolved unless they're somehow not vulnerable.

Post by **FTP** » Fri Oct 19, 2018 4:10 pm

OK, SFTP authentication part is handled by WingFTP, not libssh. So I think WingFTP won't be effected by this vulnerability.

jadams5 · Post by **jadams5** » Fri Oct 19, 2018 4:39 pm

Is a new release still planned or are you confident the current version isn't vulnerable? Thanks!

Post by **FTP** » Fri Oct 19, 2018 5:07 pm

Yes, in WingFTP, SFTP authentication is not handled libssh. Anyway, we will update libssh in the next release, not for this vulnerability.

fn-sysop · Post by **fn-sysop** » Mon Oct 22, 2018 9:21 am

Thanks for the clarification

Post by **FTP** » Mon Nov 05, 2018 12:36 pm

The new version 6.0.1 has been released, and libssh is updated to v0.7.7 now.

libssh Vulnerability

libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability

Re: libssh Vulnerability