1. Home

Product groups

Support

OpenSSH Vulnerability - WeOnlyDo Discussion board

OpenSSH Vulnerability (wodSFTP / wodSFTP.NET / wodSFTPdll)

by jdoorn, Wednesday, November 11, 2020, 22:10 (1255 days ago)

We are using software that was built around wodSFTP (WeOnlyDo 3.7.3.170) for both client & host sFTP file transfers. We have found that some packets are randomly flagged by Meraki's IDS (SNORT) as having a signature matching a version of OpenSSH (versions 2.3.1 through 3.3) vulnerable to SSH Overflow vulnerabilities CVE-2002-0639 & CVE-2002-0640.

Does wodSFTP (WeOnlyDo 3.7.3.170) use OpenSSH or is there reason to believe wodSFTP might be vulnerable to these CVEs? We are trying to determine if Meraki's IDS/SNORT is giving us false positive events.

locked
  5661 views

OpenSSH Vulnerability

by wodSupport, Wednesday, November 11, 2020, 22:12 (1255 days ago) @ jdoorn

Hi.

wodSFTP does not use OpenSSH and is not related to it in any way. Not sure why they are flagged.

Note, also, your version is from year 2014 so anything is possible, there were many changes in wodSFTP in these 6 years.

Kind regards,
Jasmine

locked
  5622 views

We are having great success with your component ... email server that has over 750 000 mailboxes back ended by a SQL server...

Conrad Leigh
Leaf Wireless

Don't be fooled by the cost, it's value and quality far exceeds the price being charged!

Ian D. Mead, author of UltraEdit-32
IDM Computer Solutions

Count us as a satisfied WeOnlyDo customer. We appreciate your terrific support to get the secure Telnet working properly.

Don Fitzpatrick
InterNetworx Systems

Your .NET components allow us to blend .NET technology seamlessly with secure communication, and with excellent technical support.

Bil Bragg
Dionach

Brilliant, even works on the mobile phone...

Conrad Leigh
Leaf Wireless

Just thought you'd like to know that my gateway app with your SMTP Server component held the line against a DDOS attack today...

Chris Langsenkamp
Clever Technologies

Brilliant, even works on the mobile phone...

Conrad Leigh
Leaf Wireless

Don't be fooled by the cost, it's value and quality far exceeds the price being charged!

Ian D. Mead, author of UltraEdit-32
IDM Computer Solutions

...I'm extremely impressed with the product, it represents excellent value for money...

Danny Haworth
Assetdisk

I really like these products - they are consistently first rate!

David Witten
WWR Development, Inc.