Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: CoreFTP LE version 2.1 build 1631 flagged as insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
jrgilman CoreFTP LE version 2.1 build 1631 flagged as insecure
Member 8th Dec, 2009 06:07
Ranking: 0
Posts: 1
User Since: 23rd Dec, 2007
System Score: N/A
Location: N/A
The indicated fix is to update to build 1568. Only the latest build (1631) is available from the coreFTP site.

Anthony Wells RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Expert Contributor 8th Dec, 2009 15:04
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 8th Dec, 2009 15:20

Are you saying that PSI is showing and specifying version 1631 as insecure and not pointing to an out of date file somewhere and suggesting in the download solution that you need to "update" to version 1568 .

Secunia will show the latest "secure" version and not necessarily the "latest" version for bug fixes , etc.

If so , you would need to take this up with support@secunia.com

If not , you should tell us the "installation path" PSI is showing for your "insecure" listing .

Anthony

EDIT : As Secunia Advisory SA36872 dates to 28/09/2009 and refers to a "security" problem in build 1612 and earlier and build 1568 dates to May 2008 , then you should let Secunia know of the problem you are experiencing.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
skibum_jim RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Member 8th Dec, 2009 15:39
Score: 0
Posts: 4
User Since: 8th Dec 2009
System Score: N/A
Location: N/A
The CoreFTP application is delivered as a zip file. I unpack it into folder Program Files/CoreFTP/ which I created. Secunia says that coreftp.exe in this folder is out of date but this file was updated in Nov/09 with the latest build 1631.
Was this reply relevant?
+0
-0
Anthony Wells RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Expert Contributor 8th Dec, 2009 15:50
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@skibum_jim

If you are new to Secunia PSI , to help resolve your problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

Posting these details will help the Forum help you , if/when you have a problem .

Although you have updated to the latest version , PSI may well be detecting an old file version left behind .

Let us know if you need more help.

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
skibum_jim RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Member 8th Dec, 2009 16:31
Score: 0
Posts: 4
User Since: 8th Dec 2009
System Score: N/A
Location: N/A
)use PSI in "advanced" mode
I am using the advanced mode
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available
This box is NOT ticked
3)tell us in which "tab(s)" your problem programme is located
The problem progam is located under the 'Insecure Programs' tab
4)in that tab , click on the + in the box at the left end of the programme , the page will expand
The expanded box says the installation of coreftp 2.x is insecure
Istallation Path: c:/Program Files/CoreFTP/coreftp.exe
Update to version 2.1 build 1568
5)in the expanded page , tell us what is written in the "installation path"
C:/Program Files/CoreFTP/coreftp.exe
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details
It does
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .
It indicates the file c:/Program Files/CoreFTP/coreftp.exe

Posting these details will help the Forum help you , if/when you have a problem

So, my original problem is that this file was what came with version 2.1 build 1631 for CoreFTP.
Was this reply relevant?
+0
-0
Anthony Wells RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Expert Contributor 8th Dec, 2009 16:39
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Secunia advice to update to 1568 is definitely bizarre at best.

When you mouse over or check the properties of the .exe file , what version is showing ??

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
skibum_jim RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Member 8th Dec, 2009 18:09
Score: 0
Posts: 4
User Since: 8th Dec 2009
System Score: N/A
Location: N/A
File version it shows for coreftp.exe is 2.1.0 but it never includes the build number. It indicates it was last modified 11/09. I sent a note to secunia support.
Was this reply relevant?
+0
-0
Anthony Wells RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Expert Contributor 8th Dec, 2009 18:22
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Best you can do ; as PSI detection rules needs to read a file which shows a version /build N , then maybe this (lack of) notation of the .exe file is not helping .

Let us know any reply you get , as this will help other users .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
E.Jeppesen RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Secunia Official 9th Dec, 2009 10:51
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
As guessed by Anthony Wells the currently latest version of Core FTP LE does not contain the exact version information as the build number is missing. For this reason we cannot correctly detect Core FTP LE in its current version.

I have contacted Core FTP Support and asked if they could include the exact version information and build number in a coming release, which they have replied they will do. The detection issue should then be solved.
skibum_jim RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Member 9th Dec, 2009 16:18
Score: 0
Posts: 4
User Since: 8th Dec 2009
System Score: N/A
Location: N/A
Thanks for the speedy status update. I'll continue to run Secunia every other week as it is a valuable tool for me.
Was this reply relevant?
+0
-0
Anthony Wells RE: CoreFTP LE version 2.1 build 1631 flagged as insecure
Expert Contributor 9th Dec, 2009 18:20
Score: 2428
Posts: 3,316
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@skibum_jim,

You might want to run it weekly ; Adobe Flash Player and AIR have just updated today , you would not want to leave a serious vulnerability in something like that for too long .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability