Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > OpenSSL: Drown attack

OpenSSL: Drown attack

Table of contents
Created by Dhalia Turiaga, last modified by MindTouch on Jun 23, 2016

Views: 11 Votes: 1 Revisions: 3

Overview

This article provides information about OpenSSL vulnerability discussed in the following links:

https://access.redhat.com/security/cve/cve-2016-0800

http://arstechnica.co.uk/security/20...yption-attack/

Environment

  • Serv-U version 12.x ++
  • Windows Vista/7/8, Server 2008/2012 - C:\ProgramData\RhinoSoft\Serv-U (Folder is Hidden in Windows by default)
  • Windows 2000/XP, Server 2000/2003 - C:\Program Files\RhinoSoft\Serv-U
  • Linux - /usr/local/Serv-U

Detail

Serv-U is not vulnerable to drown attack if SSLv2 is disabled in Serv-U (it is disabled by default). If the SSLv2 is not enabled, Serv-U is fine and not vulnerable to drown attack.

 

Last modified
02:36, 23 Jun 2016

Tags

Classifications

Public