FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Moderator: Project members
Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003
The problem is with the OpenSSL DLLs, building those for XP is very difficult and time consuming.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
I would love the info to be able to do it. Unfortunately, I haven't done anything with compiling before, but could figure it out with a decent step-by-step or something in the general ballpark.
I looked on the site for instructions on how to compile server, but could only find info on compiling the client, which after downloading and extracting as instructed.. the first command generated errors. So is life.
Either way, I'd love to be able to do it myself, but if not the final binary would be greatly appreciated.
I looked on the site for instructions on how to compile server, but could only find info on compiling the client, which after downloading and extracting as instructed.. the first command generated errors. So is life.
Either way, I'd love to be able to do it myself, but if not the final binary would be greatly appreciated.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
So far, using 0.9.43 with the SSL files from 0.9.44 seems to work great.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Of all the times to cease support for Windows 2003, just as the Heartbleed vulnerability is being patched? Seriously?
Windows Server 2003 is a product that Microsoft will continue to support into 2015. I cannot imagine why now, of all times, the FileZilla support under Server 2003 would go away, leaving countless thousands of servers vulnerable.
Please add my voice to those calling for at least one more version of FileZilla Server that supports Windows Server 2003.
Windows Server 2003 is a product that Microsoft will continue to support into 2015. I cannot imagine why now, of all times, the FileZilla support under Server 2003 would go away, leaving countless thousands of servers vulnerable.
Please add my voice to those calling for at least one more version of FileZilla Server that supports Windows Server 2003.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Just update the two DLLs. Problem solved.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Does updating the DLL's seem right to you Tim?boco wrote:Just update the two DLLs. Problem solved.
I tried testing for Heartbleed on a Filezilla server using:
the test site http://filippo.io/Heartbleed
Testing against the TCP Port 990
The report indicated that the test site running V 0.9.43 tested OK without any updates to the DLL's.
Since then I have updated these two DDL's with the V 0.9.44 DDL's and it tested OK also.
What I was looking for was a test that said, it is NOT OK, then update the DLL's and see it pass the test.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
That's very peculiar. Heartbeat is enabled in the version of OpenSSL shipped with FileZilla Server 0.9.43 and it was built from the vulnerable source code.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
The online tool seems broken. Using the command-line client it reports 0.9.43 as vulnerable.
Code: Select all
./Heartbleed -service=ftp 10.0.0.66:21
2014/04/14 08:30:38 ([]uint8) {
00000000 02 00 49 68 65 61 72 74 62 6c 65 65 64 2e 66 69 |..Iheartbleed.fi|
00000010 6c 69 70 70 6f 2e 69 6f 20 59 45 4c 4c 4f 57 20 |lippo.io YELLOW |
00000020 53 55 42 4d 41 52 49 4e 45 20 31 30 2e 30 2e 30 |SUBMARINE 10.0.0|
00000030 2e 36 36 3a 32 31 53 cc b2 99 2f e5 40 82 ad 0e |.66:21S.../.@...|
00000040 a0 e5 0b e3 b7 d2 1b d4 69 83 85 a5 52 b6 65 a7 |........i...R.e.|
00000050 9d 31 e2 45 43 b5 1b dc 87 68 53 8f |.1.EC....hS.|
}
2014/04/14 08:30:38 10.0.0.59:21 - VULNERABLE
-
- 504 Command not implemented
- Posts: 6
- Joined: 2014-04-15 13:43
- First name: Tim
- Last name: Menke
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
did we get an answer on this?
Is using the OpenSSL dlls's from the current version and copying them to the folder of the older version a supported method for Server 2003 or will a new package be generated with 2003 support?
EDIT: n/m Didn't see the other thread on this topic
Is using the OpenSSL dlls's from the current version and copying them to the folder of the older version a supported method for Server 2003 or will a new package be generated with 2003 support?
EDIT: n/m Didn't see the other thread on this topic
-
- 503 Bad sequence of commands
- Posts: 20
- Joined: 2008-12-05 02:30
- First name: mike
- Last name: loeven
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
To be honest i think even though ms pulled the plug on xp its still going to be around for a long time. its just that stable.
i think ending support for XP is a mistake because it is still so widely used especially in business
i think ending support for XP is a mistake because it is still so widely used especially in business
-
- 504 Command not implemented
- Posts: 7
- Joined: 2008-07-14 08:02
- First name: Kari
- Last name: Kimber
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Some problem and services cant be deleted by installer. installer say success but service is not running and fail to start.javierb wrote:Hi Support:
Today I've tried to install Filezilla Server 0.9.44 on this Windows Server 2003 and it says this OS is no longer supported and it will not work on this OS.
Will you please provide us with some workaround as the previous version is seriously crippled by the openSSH vulnerability?
Best Regards,
Javier
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-05-18 09:08
- First name: Jan
- Last name: Kuchař
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
What is the last unaffected version of FileZilla Server. I'm going to downgrade.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
To my knowledge only 0.9.43 had 1.01 <g OpenSSL DLLs. Check out 0.9.42's DLLs - if they are of 0.x version it should be unaffected by Heartbleed.
BUT
0.9.43 fixed a different security issue, a nasty bug with Aliases. For this reason, only 0.9.44 or 0.9.43 with replaced DLLs from 0.9.44 should be used.
BUT
0.9.43 fixed a different security issue, a nasty bug with Aliases. For this reason, only 0.9.44 or 0.9.43 with replaced DLLs from 0.9.44 should be used.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 504 Command not implemented
- Posts: 9
- Joined: 2008-02-06 22:53
- First name: Nick
- Last name: O
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Are you shitting me?
Server 2003 is still supported by Microsoft through July of 2015.
http://support.microsoft.com/lifecycle/ ... er+2003+R2
Dropping support prematurely is a bit questionable, and telling people to upgrade a still-supported commercial OS simply because you changed the build spec is straight up bush-league.
Bad form guys. Bad form indeed.
Server 2003 is still supported by Microsoft through July of 2015.
http://support.microsoft.com/lifecycle/ ... er+2003+R2
Dropping support prematurely is a bit questionable, and telling people to upgrade a still-supported commercial OS simply because you changed the build spec is straight up bush-league.
Bad form guys. Bad form indeed.
Re: FileZilla Server 0.9.44 and OpenSSL on Windows 2003
Please make a special version of both the client and the server for Windows Server 2003/XP people. We are not asking you for constant support, but rather for addressing the special circumstances caused by the Heartbleed bug which is entirely irrelevant to how old these systems are.
Thanks.
Thanks.