View Attach (1) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
 minor_update.jpg 356.6 kB 1 31-Aug-2023 17:14 Ada Csaba

This page (revision-31) was last changed on 25-Apr-2024 01:58 by Ada Csaba

This page was created on 10-Aug-2023 03:53 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
!!!Minimum safe CrushFTP version is 10.5.5.
!!!Minimum safe CrushFTP version is 10.7.1. (Regularly updating is critical and we make that as easy as possible.)
At line 3 added 10 lines
!!Regarding 10.7.1 and the CrushFTP exploit allowing access to system files __CVE-2024-4040__ . Using a DMZ proxy in front of your main CrushFTP would have protected you in this scenario. The vulnerability allowed an attacker to retrieve system files.\\
(CREDIT:Simon Garrelou, of Airbus CERT, read more here [https://github.com/airbus-cert/CVE-2024-4040|https://github.com/airbus-cert/CVE-2024-4040] )\\
\\
!!REGARDING 10.6.0 and the recent global SSH vulnerability which also affected CrushFTP! (not CrushFTP specific, but we are affected just like ALL other server vendors): CVE-2023-48795
Read more about it here: [https://terrapin-attack.com/]\\
[https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/|https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/] \\
\\
!!REGARDING 10.5.6 and the recent global SSH vulnerability which also affected CrushFTP! (not CrushFTP specific, but we are affected just like most other server vendors)
Read more about it here: [https://eprint.iacr.org/2023/1711.pdf]\\
\\
At line 21 added 5 lines
__IMPORTANT: due to the security updates since CrushFTP version 10.5.2+ any JDBC driver jar file needs to be placed into the CrushFTP10/plugins/lib/ directory, or it won't load. In case of a server previously configured using an external SQL user DB, this new feature prevents access on next launch, will need to move the jar file, then edit prefs.XML, update the <db_driver> key value like\\
{{{<db_driver>./mssql-jdbc-12.4.0.jre11.jar</db_driver>}}}
\\
\\
Version Date Modified Size Author Changes ... Change note
31 25-Apr-2024 01:58 5.016 kB Ada Csaba to previous
30 25-Apr-2024 01:57 5.01 kB Ada Csaba to previous | to last
29 25-Apr-2024 01:57 4.964 kB Ada Csaba to previous | to last
28 25-Apr-2024 01:57 4.963 kB Ada Csaba to previous | to last
27 19-Apr-2024 05:26 4.878 kB Ben Spink to previous | to last
26 19-Apr-2024 05:26 4.879 kB Ben Spink to previous | to last
25 19-Apr-2024 05:26 4.881 kB Ben Spink to previous | to last
24 19-Apr-2024 04:59 4.84 kB Ben Spink to previous | to last
23 20-Mar-2024 12:49 4.603 kB Ada Csaba to previous | to last
22 20-Mar-2024 12:48 4.507 kB Ada Csaba to previous | to last
21 19-Dec-2023 01:17 4.409 kB Ben Spink to previous | to last
« This page (revision-31) was last changed on 25-Apr-2024 01:58 by Ada Csaba
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki