Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: algore
No, the attack vector was the update system, and only one malicious .dll file specifically for one product was identified.

No you are wrong. solarwinds -- serv-u_ftp_server SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. 2020-07-05 7.5 CVE-2020-15541

That's just one of many for the product.

Please do not spread misinfo

It's a garbage product mainly useful for companies that want to add vulnerabilities to their products.

36 posted on 12/15/2020 7:15:36 PM PST by palmer (Democracy Dies Six Ways from Sunday)
[ Post Reply | Private Reply | To 33 | View Replies ]

To: palmer

No I am right.

That was a totally different issue. That bug did affect
Serv-u versions 15.0.. to 15.2.. but that issue was identified and patched in july.

But it was a vulnerability/bug, not a deliberate attack that including signed .dll files inserted into the update matrix for a specific product in a deliberate penetration attempt

You do see the difference?


37 posted on 12/15/2020 8:57:07 PM PST by algore
[ Post Reply | Private Reply | To 36 | View Replies ]
To: palmer

“It’s a garbage product mainly useful for companies that want to add vulnerabilities to their products”

More like an expensive product that is one of many created in order it easier to manage lots of slave machines, and see who is uppity.


38 posted on 12/15/2020 9:02:22 PM PST by algore
[ Post Reply | Private Reply | To 36 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson