MOVEit DMZ MOVEit Central MOVEit Clients WS_FTP Server WS_FTP Server Web Transfer Module WS_FTP Client-Server Solution WS_FTP Professional WS_FTP Home WS_FTP Professional SDK Press Awards

WS_FTP Server Support

WS_FTP Server 6.1.1 with SSH & WS_FTP Server 6.1.1

Released May 20, 2008

Download:

Visit myIpswitch to download this update

Details:

Web Transfer Module: The main purpose of this release of WS_FTP Server 6.1 and WS_FTP Server 6.1 is to allow for integration of the new WS_FTP Server Web Transfer Module.

WS_FTP Server Web Transfer Client is a web application that runs with Microsoft Internet Information Server (IIS) and lets your WS_FTP Server users access their accounts via a browser (using HTTP).

Date format specification: (on ‘System Details’ page of Web Admin): Sets the date display format for all of the WS_FTP Server Manager pages that display the date, and sets the format for text boxes where you can enter a date including auto expiring accounts, SSL certificates, Log Viewer, etc. Once you select a date format, the WS_FTP Server Manager will verify a date that you enter against the selected format. Note: These settings are cached by WS_FTP Server for up to ninety seconds. Changes made to these settings are not recognized until the services are restarted or the cache expires.

Data channel timeout (60 by default). Enter the number of seconds after which the client is disconnected that the server will abandon the transfer of an uploaded file and release the lock from any partially uploaded file.

Fixed in 6.1.1

The following issues were addressed in this release:

The "TLS Only" option allowed connections using SSL v2, but would reject the connection during the login attempt. "TLS Only" now rejects connections during SSL negotiation.
Clients with SSL session reuse and mutual authorization activated (requiring a client certificate) failed during second attempts to connect to the server. This problem has been fixed.
File transfers were keeping files locked when network connections were suddenly dropped. This problem has been addressed by including a Data Channel Timeout for listeners.

Ipswitch would like to thank Secunia (secunia.com) for reporting the following issues, which have been fixed in this release:

[SA28753] SSH Server Denial of Service vulnerability: A boundary error in the SSH Server Service could be exploited by passing an overly long argument to a command.
[SA28822] The WS_FTP Server Manager log viewer vulnerability: HTTP requests for the FTPLogServer/LogViewer.asp script could be exploited allowing unauthorized log access.
[SA28761] WS_FTP Server Denial of Service vulnerability: Overly large datagrams sent within a short time period could cause the log service to stop responding to log requests.

Requirements to install this update:

You must have WS_FTP Server 6.1 with SSH or WS_FTP Server 6 to install this update.