Ric Posted May 20, 2006 Report Share Posted May 20, 2006 I found this on Whitsoft Development: “SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!” 1) My question; is it safe to use the current (3.16) plug in download. Added to the security issue the new version 3.18 requires: “Attention: SlimFTPd now requires the Visual C++ 2005 runtime libraryDownload Visual C++ 2005 Runtime Redistributable Package (2.52 MB)” 2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue). This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity). Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted May 24, 2006 Report Share Posted May 24, 2006 Yes, we will be upgrading soon and also, you really dont need that package. Should be installed on your PC already i believe. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
MrX Posted June 23, 2006 Report Share Posted June 23, 2006 If I remember correctly, the Visual C++ 2005 Runtime Libraries refer to MSVCP80.dll and MSVCR80.dll. I don't think they should be found on your PC unless you've previously used a program that requires them. Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted July 9, 2006 Report Share Posted July 9, 2006 They should be there unless you uninstalled them with a program. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
MrX Posted July 10, 2006 Report Share Posted July 10, 2006 (edited) If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs) Edited July 10, 2006 by MrX Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted July 11, 2006 Report Share Posted July 11, 2006 Thats what i am saying so it should already come with his PC.... Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
MrX Posted July 11, 2006 Report Share Posted July 11, 2006 (edited) I found this on Whitsoft Development: “SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!” 1) My question; is it safe to use the current (3.16) plug in download. Added to the security issue the new version 3.18 requires: “Attention: SlimFTPd now requires the Visual C++ 2005 runtime libraryDownload Visual C++ 2005 Runtime Redistributable Package (2.52 MB)” 2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue). This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity).If I remember correctly, only MSVC++ 7 Runtimes were included with XP (or at least, one of its service packs) See the difference? MSVC++ 2005 is also known as MSVC++ 8 not MSVC++ 7, which is what I was talking about! (Note: MSVC++ stands for Microsoft Visual C++) Edited July 11, 2006 by MrX Quote Link to comment Share on other sites More sharing options...
MrX Posted July 11, 2006 Report Share Posted July 11, 2006 Anyway, enough of those complex arguments. Before I continue, if you happen to have those Visual C++ 2005 Runtimes installed on your PC, please check if they came with (or were installed together with) another program. You should also check if Windows Update had installed them for you Ok, now, allow me to use simple reasoning to tell you why most users won't have them (pre)installed on their PCs "out of the box". Visual C++ 2005 was obviously released in 2005. XP and the latest Service Pack 2 were released before 2005. How could DLLs that were released in 2005 come with software that were released before that? (Unless Microsoft stupidly included beta versions of the DLLs in them, which I wish they'd do so their damn OS will have more problems and users would have no choice but to switch to another OS but well, I don't think that's happening any time soon ) Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted July 12, 2006 Report Share Posted July 12, 2006 Ok Ok.... you win this one but i still think its no difference..... The new one will have the components of the old one and should be able to also do the job..... i do not think there is a version discripency..... ...as to what version you have after 7 Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
MrX Posted July 12, 2006 Report Share Posted July 12, 2006 (edited) I found this on Whitsoft Development: “SECURITY ALERT: SlimFTPd 3.15 through 3.17 have buffer overflow vulnerabilities that could potentially lead to remote code execution. Users are advised to upgrade to SlimFTPd 3.18 immediately!” 1) My question; is it safe to use the current (3.16) plug in download. Added to the security issue the new version 3.18 requires: “Attention: SlimFTPd now requires the Visual C++ 2005 runtime libraryDownload Visual C++ 2005 Runtime Redistributable Package (2.52 MB)” 2) Will you be up grading to version 3.18 if so how will this impact on portability (run time library issue). This does not cause me a problem, I do not use this plug in, however I would not like it to impact on either security or portablity of US, US is a great product because of its perceived simplicity (hides the real complexity). If you want the MSVC++ 8 DLLs, you'll need to install that 2.52 MB file unless another program has already installed them for you. Why don't you search for all instances of MSVCP80.dll and MSVCR80.dll in your PC, delete them and then rename MSVCP70.dll and MSVCR70.dll to MSVCP80.dll and MSVCR80.dll respectively? Then, we'll know if it really works. MSVC++ 7.0 = MSVC++ 2003MSVC++ 8.0 = MSVC++ 2005 Edited July 12, 2006 by MrX Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted July 14, 2006 Report Share Posted July 14, 2006 K, enough.... Thanks. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
fr600 Posted September 20, 2006 Report Share Posted September 20, 2006 I just got this: Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted September 21, 2006 Report Share Posted September 21, 2006 That normal.... Its a FTP Server so some AntiVirus/Firewall software count is as the Backdoor trogan, but its not! Search the forum! Its safe if you use it well. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Ric Posted September 23, 2006 Author Report Share Posted September 23, 2006 I do love images and the above should scare the paints off you. Oh! It did you should have received two other messages prior to this that gave you the option to allow Apache and MySQL access to the Internet (just allow access). I assume you trusted these and did just that; well if you did not you just took yours servers off line. If what I see is true Norton has removed a valid program (SlimFTP) from your system and has not offered an option to allow you to keep the installation. This means that Norton will always remove the program so you cannot use it! You need to set Norton to allow the program (sorry I do not use this one so do not know how to do it). My reason for replying to this is simple who do you trust! If you are manic NO one! Well if you have downloaded from sourceforge.net it has been my experience no problem. Your conflict is then with whatever security you have installed. I am with Olajide on this one its normal but a pain when you receive alerts like the above image. Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted September 24, 2006 Report Share Posted September 24, 2006 I think you can change it in settings. Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Ric Posted September 28, 2006 Author Report Share Posted September 28, 2006 Yesterday a friend reported Norton AntiVirus does automatically delete SlimFTP. This provided me with an opportunity to have a play, components installed Norton Internet Security and Norton SystemWorks 2005 both with default settings. To prevent Norton AntiVirus deleting files you need to add their names to two exclusion lists. Doing this prevents the files ever being scanned hence no detection and no deletion. Current SourceForge download file is SlimFTPd_3.16.exeExtracted file name: SlimFTPd.exe There are two exclusion lists that need setting as follows:1) Right click on either “Norton Internet Security” or “Norton SystemWorks” bottom right corner of the system tray and select open.2) In the pop-up click on options and select Norton Antivirus.3) Click on Auto-Protect (this expands the menu options)4) Click on Exclusions. A new window opens.5) Click the New button6) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button7) Repeat step 5 for file SlimFTPd.exe8) Make sure the file names are correct and click the OK button9) This closes the window and takes you back to position as in step 2. Again click on options and select Norton Antivirus10) Click on Manual Scan (this expands the menu options)11) Click on Exclusions. 12) You know the drill click the New button13) Type in SlimFTPd_3.16.exe un-check Include subfolders and click OK button14) Repeat step 12 for file SlimFTPd.exe15) Make sure the file names are correct and click the OK button Pop your servers on a memory stick run them on a friends machine and if he’s running Norton expect SlimFTPd.exe to be blasted away pain that! Quote Link to comment Share on other sites More sharing options...
olajideolaolorun Posted November 2, 2006 Report Share Posted November 2, 2006 Quote Best Regards Olajide Olaolorun The Uniform Server Development Team Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.