OpenSSH Vulnerability - WeOnlyDo Discussion board

OpenSSH Vulnerability (wodSFTP / wodSFTP.NET / wodSFTPdll)

by jdoorn, Wednesday, November 11, 2020, 22:10 (24 days ago)

We are using software that was built around wodSFTP (WeOnlyDo 3.7.3.170) for both client & host sFTP file transfers. We have found that some packets are randomly flagged by Meraki's IDS (SNORT) as having a signature matching a version of OpenSSH (versions 2.3.1 through 3.3) vulnerable to SSH Overflow vulnerabilities CVE-2002-0639 & CVE-2002-0640.

Does wodSFTP (WeOnlyDo 3.7.3.170) use OpenSSH or is there reason to believe wodSFTP might be vulnerable to these CVEs? We are trying to determine if Meraki's IDS/SNORT is giving us false positive events.

OpenSSH Vulnerability

by wodSupport, Wednesday, November 11, 2020, 22:12 (24 days ago) @ jdoorn

Hi.

wodSFTP does not use OpenSSH and is not related to it in any way. Not sure why they are flagged.

Note, also, your version is from year 2014 so anything is possible, there were many changes in wodSFTP in these 6 years.

Kind regards,
Jasmine