Jump to content
The Uniform Server Community
Ric

SlimFTP SECURITY ALERT

Recommended Posts

I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

Share this post


Link to post
Share on other sites

If I remember correctly, the Visual C++ 2005 Runtime Libraries refer to MSVCP80.dll and MSVCR80.dll.

 

I don't think they should be found on your PC unless you've previously used a program that requires them.

Share this post


Link to post
Share on other sites

If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs) :(

Edited by MrX

Share this post


Link to post
Share on other sites
I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs) :D

 

See the difference? MSVC++ 2005 is also known as MSVC++ 8 not MSVC++ 7, which is what I was talking about!

 

(Note: MSVC++ stands for Microsoft Visual C++)

Edited by MrX

Share this post


Link to post
Share on other sites

Anyway, enough of those complex arguments.

 

Before I continue, if you happen to have those Visual C++ 2005 Runtimes installed on your PC, please check if they came with (or were installed together with) another program. You should also check if Windows Update had installed them for you :lol:

 

Ok, now, allow me to use simple reasoning to tell you why most users won't have them (pre)installed on their PCs "out of the box". Visual C++ 2005 was obviously released in 2005. XP and the latest Service Pack 2 were released before 2005. How could DLLs that were released in 2005 come with software that were released before that? (Unless Microsoft stupidly included beta versions of the DLLs in them, which I wish they'd do so their damn OS will have more problems and users would have no choice but to switch to another OS but well, I don't think that's happening any time soon :D)

Share this post


Link to post
Share on other sites

Ok Ok.... you win this one but i still think its no difference..... The new one will have the components of the old one and should be able to also do the job..... i do not think there is a version discripency..... :D ...as to what version you have after 7

Share this post


Link to post
Share on other sites

I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

 

If you want the MSVC++ 8 DLLs, you'll need to install that 2.52 MB file unless another program has already installed them for you.

 

Why don't you search for all instances of MSVCP80.dll and MSVCR80.dll in your PC, delete them and then rename MSVCP70.dll and MSVCR70.dll to MSVCP80.dll and MSVCR80.dll respectively? Then, we'll know if it really works.

 

MSVC++ 7.0 = MSVC++ 2003

MSVC++ 8.0 = MSVC++ 2005

Edited by MrX

Share this post


Link to post
Share on other sites

That normal.... Its a FTP Server so some AntiVirus/Firewall software count is as the Backdoor trogan, but its not! Search the forum! Its safe if you use it well.

Share this post


Link to post
Share on other sites

I do love images and the above should scare the paints off you. Oh! It did you should have received two other messages prior to this that gave you the option to allow Apache and MySQL access to the Internet (just allow access). I assume you trusted these and did just that; well if you did not you just took yours servers off line.

 

If what I see is true Norton has removed a valid program (SlimFTP) from your system and has not offered an option to allow you to keep the installation. This means that Norton will always remove the program so you cannot use it! You need to set Norton to allow the program (sorry I do not use this one so do not know how to do it).

 

My reason for replying to this is simple who do you trust! If you are manic NO one! Well if you have downloaded from sourceforge.net it has been my experience no problem. Your conflict is then with whatever security you have installed.

 

I am with Olajide on this one its normal but a pain when you receive alerts like the above image.

Share this post


Link to post
Share on other sites

Yesterday a friend reported Norton AntiVirus does automatically delete SlimFTP. This provided me with an opportunity to have a play, components installed Norton Internet Security and Norton SystemWorks 2005 both with default settings.

 

To prevent Norton AntiVirus deleting files you need to add their names to two exclusion lists. Doing this prevents the files ever being scanned hence no detection and no deletion.

 

Current SourceForge download file is SlimFTPd_3.16.exe

Extracted file name: SlimFTPd.exe

 

There are two exclusion lists that need setting as follows:

1) Right click on either “Norton Internet Security” or “Norton SystemWorks”

bottom right corner of the system tray and select open.

2) In the pop-up click on options and select Norton Antivirus.

3) Click on Auto-Protect (this expands the menu options)

4) Click on Exclusions. A new window opens.

5) Click the New button

6) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button

7) Repeat step 5 for file SlimFTPd.exe

8) Make sure the file names are correct and click the OK button

9) This closes the window and takes you back to position as in step 2.

Again click on options and select Norton Antivirus

10) Click on Manual Scan (this expands the menu options)

11) Click on Exclusions.

12) You know the drill click the New button

13) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button

14) Repeat step 12 for file SlimFTPd.exe

15) Make sure the file names are correct and click the OK button

 

Pop your servers on a memory stick run them on a friends machine and if he’s running Norton expect SlimFTPd.exe to be blasted away pain that!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...