rejetto forum

Software => HFS ~ HTTP File Server => FHFS => Topic started by: bmartino1 on June 12, 2014, 09:49:24 PM

Title: fhfs 2.1 is using vuralnbe software - update your stunnel and openssl!
Post by: bmartino1 on June 12, 2014, 09:49:24 PM
-------------------
Hello, i have re downloaded the current build of fhfs and though i should post my two bins to update and secure you fhfs form the heratblead virus going around!

FHFS version 2.1 is using openssl 1.0.1e and stunnel (2/3 i don't remember), but it is older enough to be vurnalable to attack!

Here are the zipped file contents ( i have tested and it works!at least for me)

just copy and replace and fhfs should be working fine!
---------------
Steps:
Download the zipped files:
https://drive.google.com/file/d/0B9u5dgydfOEuWDFuZ2VPeXhxVWM/edit?usp=sharing

Open your fhfs director
Mine happens to be C:\Program Files\FHFS
look for the folder:
openssl-bin
and
stunnel-bin

extract the corresponding file into theses folder to upgrade them to the secure one!
***(DO THIS AT YOUR OWN RISK I CLAIM NO RESPONSIBILITY IF YOU MESS UP YOUR FHFS SERVER!)***

*Raybob if possible can you re-added/update to include stunnel 5.1 and open ssl 1.0.1g?

zip files soon
https://drive.google.com/file/d/0B9u5dgydfOEuWDFuZ2VPeXhxVWM/edit?usp=sharing

sources:
---
openssl:
http://opendec.wordpress.com/tag/openssl/
downlaod: http://indy.fulgan.com/SSL/openssl-1.0.1g-i386-win32.zip
copy the 2 dll files and the openssl.exe file to the place where openssl is located and tada, you are no longer vulnerable...
------

stunnel:
(Form silentplz and his "s" button to upgrade stunnel!)
https://www.stunnel.org/downloads.html
Title: Re: fhfs 2.1 is using vuralnbe software - update your stunnel and openssl!
Post by: raybob on July 02, 2014, 04:38:47 AM
Yeah I should probably release a new 2.1.1.  I'll get on that tomorrow.  Sorry for the delay... FHFS hasn't exactly been at the front of my mind.