Syncplify Developers Blog

Release notes and blog by the developers at Syncplify

Tag nvd

Syncplify Devs
July 1, 2024

Syncplify Server! is *NOT* vulnerable to CVE-2024-6387

OpenSSH, a widely used secure shell-protocol handling software, has recently disclosed a critical vulnerability (CVE-2024-6387) affecting its server component. This flaw could potentially allow unauthenticated remote code execution with root privileges on glibc-based Linux systems. The vulnerability, present in OpenSSH versions 8.5p1 through 9.7p1, is a signal handler race condition that affects the default configuration of sshd.

Qualys researchers have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet[1]. While exploitation requires continuous connections for 6-8 hours under lab conditions, the potential impact is severe, allowing full system compromise and takeover.

It’s important to note that Syncplify Server! is not affected by this vulnerability. Unlike many other SSH servers, Syncplify Server! is not based on OpenSSH in any way. This independent implementation ensures that Syncplify Server! users are protected from vulnerabilities specific to OpenSSH, including CVE-2024-6387.

For those using OpenSSH, it’s crucial to apply the latest patches promptly. Additionally, limiting SSH access through network-based controls and enforcing network segmentation can help mitigate potential risks.

Leave a comment InGeneral Syncplify Server! WebClient!
Syncplify Devs
December 18, 2023

Syncplify Server! v6.2.21 released 🔥

Importance of this update: VERY HIGH
What’s changed?
  • The Golang standard library was updated to address a yet-to-be-disclosed CVE that could potentially affect SSH/SFTP services, this release incorporates such updates to keep your server safe
  • Importing old V4/V5 backups now works a little better even when such backups contain errors and misconfigurations (some of them are addressed by applying sensible default settings)
  • Parameters (see this KB article) can now be used in all Virtual File Systems, and not only in “Disk” VFSs as it used to be

IMPORTANT NOTE: those who are running the “worker” system service under a different account (not System or LocalSystem) will need to re-configure the service to run under such account after upgrading from any version number <= 6.1.12)

Upgrading from v6.x.y is a simple and fairly automatic process: simply download the latest version from the official download page, and install it over the existing version, all of your settings and license will be kept.

If, instead, you’re upgrading from an older (v4/v5) version, you find the upgrade instructions in our knowledge base.

Thank you all for trusting our software with your secure file transfers!

Leave a comment InRelease Notes Syncplify Server! WebClient!
Syncplify Devs
June 28, 2023

Syncplify Server! has no known vulnerabilities in the NIST NVD

In the aftermath of the already infamous MOVEit hack, which is only the most recent one in a long list of competitors exposing their customers data, we would like to take this opportunity to underscore a few important facts about Syncplify Server!

In fact, Syncplify Server! is the only enterprise-grade, commercial SFTP server on the market that has never been hacked, and has literally zero vulnerabilities listed in the NIST NVD, which is the National Vulnerability Database owned and operated by the National Institute of Standards and Technology.

But hey, it’s easy to toss around such a bold claim without proof, right? That’s why we’re not asking you to take our word for it. This is something you can verify yourself.

How? Here you go:

  • Point your browser to the NIST NVD website search page
  • Type in Syncplify Server! or even just Syncplify, and verify that no vulnerabilities are found (here’s a direct link if you don’t want to type)
  • Now go back to the NIST NVD search page and try to search for any of our competitors; chances are anyone you search for will have a list of known vulnerabilities hackers can, have, and will exploit to gain access to your data

This is not a random result; where many of our competitors have chosen to give in to flashy UIs and unreasonable support for old/legacy algorithms now obsolete and proven weak, we have never been afraid to lead our customers onto a path of true security without trade-offs.

Stay safe, choose unrelenting security, use Syncplify.

Leave a comment InGeneral Syncplify Server! WebClient!