There has been found some problems in the OpenSSL library that is linked with SSFT.
See the advisory from the OpeenSSL people:
Version 0.17 is linked with OpenSSL 0.9.6e and should be immune to these threats.
Please upgrade SSFT if you use the Windows version to avoid problems. On Linux systems it should be sufficient to upgrade the OpenSSL shared librariues (which must be done anyways, as all programs that use OpenSSL needs this)
I''ve updated the apt-source for ssft. Just add the following line to your /etc/apt//sources.list file:
deb http://apt.jgaa.com/debian/ stable jgaa
and give the following commands as root:
apt-get install ssft
I've fixed a number of bugs, and added an option to specify user, group and permissions on files and directories created by the ssft server. This was required to replicate files from an internal Windows share to a secure Apache server under Linux.
This is mainly a bugfix release. We found a number of bugs when ssft 0.12 was depoloyed - and these are now fixed ;)
With the new features added with this release, SSFT is challenging several major UNIX utilities!
SSFT (Secure Socket File Transfer) was originally written to handle simple file transfers between Linux and Windows in a safe manner. It addressed several important weaknesses in the commonly used tools:
1) Unlike FTP, SSFT only use one TCP/IP port. It is therefore easy to configure in firewalls.
2) Unlike FTP and RDIST, the entire communication is encrypted with strong encryption (using the OpenSSL library). Spying on sessions is impossible, unless the spy have access to the server or client computer.... read more
I've made a .zip withh the static openssl library available at my FTP site. This should make it even easier to get going with ssftp development :)
Look for openssl-0.9.6b-win32.zip (or newer) in ftp://ftp.jgaa.com/pub/unsupported/
The new version also works on Windows NT 4 and Windows 98/ME. The documentation can be browsed on-line at http://ssft.jgaa.com
I have released ssft 0.10 beta. This version is tested with Windows 2000 Pro, Debian GNU/Linux Potato, Debian GNU/Linux Woody and FreeBSD. There are a few problems with ./configure that makes it required to run:
aclocal ; autoheader; atromake ?add-missing; autoconf
before ./configure. After that everything should be ok. I will put the baby in production this week, and will probably find a few bugs then :/... read more