I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

Yes, we will be upgrading soon and also, you really dont need that package. Should be installed on your PC already i believe.

If I remember correctly, the Visual C++ 2005 Runtime Libraries refer to MSVCP80.dll and MSVCR80.dll.

 

I don't think they should be found on your PC unless you've previously used a program that requires them.

They should be there unless you uninstalled them with a program.

If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs)

Edited July 10, 200619 yr by MrX

Thats what i am saying so it should already come with his PC....

I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs)

 

See the difference? MSVC++ 2005 is also known as MSVC++ 8 not MSVC++ 7, which is what I was talking about!

 

(Note: MSVC++ stands for Microsoft Visual C++)

Edited July 11, 200619 yr by MrX

Anyway, enough of those complex arguments.

 

Before I continue, if you happen to have those Visual C++ 2005 Runtimes installed on your PC, please check if they came with (or were installed together with) another program. You should also check if Windows Update had installed them for you

 

Ok, now, allow me to use simple reasoning to tell you why most users won't have them (pre)installed on their PCs "out of the box". Visual C++ 2005 was obviously released in 2005. XP and the latest Service Pack 2 were released before 2005. How could DLLs that were released in 2005 come with software that were released before that? (Unless Microsoft stupidly included beta versions of the DLLs in them, which I wish they'd do so their damn OS will have more problems and users would have no choice but to switch to another OS but well, I don't think that's happening any time soon )

Ok Ok.... you win this one but i still think its no difference..... The new one will have the components of the old one and should be able to also do the job..... i do not think there is a version discripency..... ...as to what version you have after 7

I found this on Whitsoft Development:

 

“SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!”

 

1) My question; is it safe to use the current (3.16) plug in download.

 

Added to the security issue the new version 3.18 requires:

“Attention: SlimFTPd now requires the Visual C++ 2005 runtime library

Download Visual C++ 2005 Runtime Redistributable Package (2.52 MB)”

 

2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue).

 

This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).

 

If you want the MSVC++ 8 DLLs, you'll need to install that 2.52 MB file unless another program has already installed them for you.

 

Why don't you search for all instances of MSVCP80.dll and MSVCR80.dll in your PC, delete them and then rename MSVCP70.dll and MSVCR70.dll to MSVCP80.dll and MSVCR80.dll respectively? Then, we'll know if it really works.

 

MSVC++ 7.0 = MSVC++ 2003

MSVC++ 8.0 = MSVC++ 2005

Edited July 12, 200619 yr by MrX

K, enough.... Thanks.

I just got this:

 

That normal.... Its a FTP Server so some AntiVirus/Firewall software count is as the Backdoor trogan, but its not! Search the forum! Its safe if you use it well.

I do love images and the above should scare the paints off you. Oh! It did you should have received two other messages prior to this that gave you the option to allow Apache and MySQL access to the Internet (just allow access). I assume you trusted these and did just that; well if you did not you just took yours servers off line.

 

If what I see is true Norton has removed a valid program (SlimFTP) from your system and has not offered an option to allow you to keep the installation. This means that Norton will always remove the program so you cannot use it! You need to set Norton to allow the program (sorry I do not use this one so do not know how to do it).

 

My reason for replying to this is simple who do you trust! If you are manic NO one! Well if you have downloaded from sourceforge.net it has been my experience no problem. Your conflict is then with whatever security you have installed.

 

I am with Olajide on this one its normal but a pain when you receive alerts like the above image.

I think you can change it in settings.

Yesterday a friend reported Norton AntiVirus does automatically delete SlimFTP. This provided me with an opportunity to have a play, components installed Norton Internet Security and Norton SystemWorks 2005 both with default settings.

 

To prevent Norton AntiVirus deleting files you need to add their names to two exclusion lists. Doing this prevents the files ever being scanned hence no detection and no deletion.

 

Current SourceForge download file is SlimFTPd_3.16.exe

Extracted file name: SlimFTPd.exe

 

There are two exclusion lists that need setting as follows:

1) Right click on either “Norton Internet Security” or “Norton SystemWorks”

bottom right corner of the system tray and select open.

2) In the pop-up click on options and select Norton Antivirus.

3) Click on Auto-Protect (this expands the menu options)

4) Click on Exclusions. A new window opens.

5) Click the New button

6) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button

7) Repeat step 5 for file SlimFTPd.exe

8) Make sure the file names are correct and click the OK button

9) This closes the window and takes you back to position as in step 2.

Again click on options and select Norton Antivirus

10) Click on Manual Scan (this expands the menu options)

11) Click on Exclusions.

12) You know the drill click the New button

13) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button

14) Repeat step 12 for file SlimFTPd.exe

15) Make sure the file names are correct and click the OK button

 

Pop your servers on a memory stick run them on a friends machine and if he’s running Norton expect SlimFTPd.exe to be blasted away pain that!