We are pleased to announce a new version of Solar FTP server. We are not only solved the vulnerability found by Craig Freyman and Gerardo Iglesias (previous fix was not successful), which crashed a server, but also fixed a bug when deleting a directory (RMD command).
In version 2.2 we’ve added new FTP commands:
RNFR/RNTO – these two FTP commands are used to rename a file/directory on the server. RNFR specifies the name of existing file/folder to be renamed. RNTO specifies the new name of the file/folder which is selected by RNFR command.
XMKD – make a directory. Similar to MKD.
XRMD – remove a directory. Similar to RMD.
XCUP – change the current working directory to the parent. Similar to CWUP.
XPWD – print the current working directory. Similar to PWD.
XMKD, XRMD, XCUP, XPWD are added to make Solar FTP Server compatible with RFC 775.
The server administration console now shows the correct list of all online users. In the previous versions, console did not show the list of current connected users. Only new connections are shown in the list.
Solar FTP Server 2.1.2 has been released. In this version there was fixed only critical bugs with application vulnerability. Fixed two issues:
- If you send a 2000 byte command with the “PASV” command, you can crash the application.
- A remote attacker can potentially disable the FTP service by sending “USER” command with incorrect data.
Actually it’s the same issue with formatting string and recording in log. In this version we have tried to fix, so that in future no such problems arise again.
In the next version we will add new features. We are happy to listen to your wishes regarding new application features!
We are happy to announce that a vulnerability in Solar FTP Server found by John Leitch is fixed in the version 2.1.1. The vulnerability can be exploited to corrupt memory by sending a FTP command with an overly long parameter.
We highly recommend you to update FTP server to the latest version.
We are happy to announce a new release of Solar FTP Server 2.1. This minor version has the following enhancements and bug-fixes:
- Improved CPU performance.
- Added web server for administrate user accounts via scripts (PHP, Perl, etc.).
- Fixed critical problems with server stability.
- Fixed bug with RETR command sent by Firefox browser.
- Solved the UI bug when adding\editing directories.
- Fixed enabling or disabling user account.
In light of the substantial enhancements and important bug fixes, we highly recommend to upgrade to Solar FTP Server 2.1.
Solar FTP Server is a simple and handy FTP server for anyone. The FTP server runs as a Windows service and to control it we designed a special tool – Solar FTP Administrator that helps you to change default FTP settings or add\remove FTP users.
After you install Solar FTP Server, you need to run FTP Administrator utility and connect to FTP service.
By default, a service process of FTP server waits for administration tool connections on 22282 port of localhost (127.0.0.1) address. Press Connect button and you will automatically switched to Server Log view.
If FTP service is installed correct (22282 port was free when you installed a server) then you will see in Server Log view that you are connected to a server and server sent you FTP settings including accounts.
Now you may add FTP accounts or change FTP configuration.