OpenSSH Vulnerability (wodSFTP / wodSFTP.NET / wodSFTPdll)
We are using software that was built around wodSFTP (WeOnlyDo 126.96.36.199) for both client & host sFTP file transfers. We have found that some packets are randomly flagged by Meraki's IDS (SNORT) as having a signature matching a version of OpenSSH (versions 2.3.1 through 3.3) vulnerable to SSH Overflow vulnerabilities CVE-2002-0639 & CVE-2002-0640.
Does wodSFTP (WeOnlyDo 188.8.131.52) use OpenSSH or is there reason to believe wodSFTP might be vulnerable to these CVEs? We are trying to determine if Meraki's IDS/SNORT is giving us false positive events.
- OpenSSH Vulnerability - jdoorn, 2020-11-11, 22:10
- OpenSSH Vulnerability - wodSupport, 2020-11-11, 22:12