CVE-2016-2183
Moderator: Project members
-
- 504 Command not implemented
- Posts: 11
- Joined: 2017-01-17 08:39
- First name: jovie
- Last name: sel
CVE-2016-2183
Hi,
We have FileZilla Server 0.9.56 and found it to be vulnerable to CVE-2016-2183: Birthday attacks against TLS ciphers with 64-bit block size vulnerability (Sweet32) on ports 21 and 990. We know port 21 is used for file transfer. The port 990 is default.
By the way, we use our FileZilla server for sending logs from our Blue Coat ProxySG to a server.
Any ideas how we can remediate this?
Thank you,
Jovsel
Re: CVE-2016-2183
You need to update to the most recent version of FileZilla Server; old versions are not supported.
Re: CVE-2016-2183
Hi botg,
Does it mean that upgrading to the latest version remediates the vulnerabilities?
Is there any compatibility issue on the latest version?
Thanks.
Re: CVE-2016-2183
https://filezilla-project.org/versions.php?type=server
The immediate problem is that you won't receive any support for old versions, so you MUST be on the latest version, even if it wouldn't resolve the issue at hand.
"We know port 21 is used for file transfer. The port 990 is default."
And we know this is wrong. Port 21 is used for non-encrypted FTP and Explicit FTP over TLS (recommended). Port 990 is for Implicit FTP over TLS. Data connections (listings, transfers) use even different ports.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: CVE-2016-2183
boco wrote: ↑2018-10-17 14:12
https://filezilla-project.org/versions.php?type=server
The immediate problem is that you won't receive any support for old versions, so you MUST be on the latest version, even if it wouldn't resolve the issue at hand.
"We know port 21 is used for file transfer. The port 990 is default."
And we know this is wrong. Port 21 is used for non-encrypted FTP and Explicit FTP over TLS (recommended). Port 990 is for Implicit FTP over TLS. Data connections (listings, transfers) use even different ports.
Thank you boco for the reply and clarification.
Upon checking, the latest version of FileZilla Server is 0.9.60.2. Is this compatible with Windows Server 2008 R2 Enterprise? In this version 0.9.60.2, is it possible to disable port 990?
Thanks.
Re: CVE-2016-2183
Server 2008 R2 (NT6.1) is supported.
Just clear the Implicit port field on the server's TLS setting page, and FZ Server will stop listening on that port. Implicit FTPS won't be available (no big loss).
Re: CVE-2016-2183
May work, or not. We don't care about older versions, you won't receive ANY support for them. In your own interest, always be on the latest version.
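Added example, not part of the original thread and not FileZilla project code: one way to re-check the scanner finding on your own server after upgrading, by offering only 3DES suites on the explicit port (21, after AUTH TLS) and the implicit port (990). The function names and the name-fragment list are assumptions made for this sketch.

```python
import socket
import ssl

# Name fragments of 64-bit block ciphers in OpenSSL and IANA suite names.
TOKENS_64BIT = ("3DES", "DES-CBC", "_DES_", "IDEA", "RC2")

def is_64bit_block_suite(name):
    """True if the suite name uses a 64-bit block cipher (the Sweet32 class)."""
    return any(tok in name.upper() for tok in TOKENS_64BIT)

def _read_reply(sock):
    """Read one FTP reply (possibly multi-line); return its final line."""
    buf = b""
    while True:
        byte = sock.recv(1)
        if not byte:
            return buf                      # connection closed early
        buf += byte
        if buf.endswith(b"\r\n"):
            last = buf.splitlines()[-1]
            if last[:3].isdigit() and last[3:4] == b" ":
                return last                 # "NNN " marks the final line

def probe_3des(host, port, implicit, timeout=5.0):
    """Offer only 3DES; return the negotiated suite, or None if refused.

    implicit=True: TLS starts at once (port 990). implicit=False: FTP
    greeting, then AUTH TLS (port 21). Raises ssl.SSLError when the local
    OpenSSL build has no 3DES suites, so that is not mistaken for a pass.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # cipher audit, not authentication
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 has no 3DES suites
    ctx.set_ciphers("3DES:@SECLEVEL=0")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not implicit:
            _read_reply(raw)                # 220 greeting
            raw.sendall(b"AUTH TLS\r\n")
            if not _read_reply(raw).startswith(b"234"):
                return None                 # no TLS offered on this port
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionError):
            return None                     # handshake refused: 3DES disabled

def flagged_ports(observed):
    """Ports whose negotiated suite (None = refused) is a 64-bit block cipher."""
    return sorted(p for p, s in observed.items() if s and is_64bit_block_suite(s))
```

Feed flagged_ports a mapping such as {21: probe_3des(host, 21, False), 990: probe_3des(host, 990, True)}; an empty list means neither port accepted a 3DES-only handshake.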