Environment
Situation
Reflection for Secure IT Windows Client 7.2 Service Pack 4 is available for maintained customers who have version 7.2 installed and to customers who have downloaded and installed the version 7.2 evaluation package. This technical note provides information about how to obtain your update and a list of features and fixes included in the update. This note also includes fixes in Reflection FTP Client 14.1 SP4, which is included with Reflection for Secure IT Windows Client.
Note: This Service Pack 4 is superseded by Service Pack 4 Update 1, which released in August 2015. See KB 7021993.
- For a list of features included Reflection for Secure IT Client 7.2 Pack 3 Update 1, see KB 7022038.
- For a list of features included Reflection for Secure IT Client for Windows Service Pack 3, see KB 7021991.
- For important information regarding security updates and Reflection for Secure IT, see https://support.microfocus.com/security/.
Resolution
Obtaining the Update
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/. For information about logging into and using the Download Library, see KB 7021965.
Supported Platforms
For information about platform support in Reflection, see KB 7022010.
Secure Shell Client Changes
The items in this section include changes that affect Secure Shell connections in all products that support this connection type, as well as changes to the Secure Shell command line utilities that are provided with these products.
Improvements
- You can now use the scp command to copy files to a different location on the same server. Commands of this type no longer fail with a message that says, "Couldn't open local file <file> for writing: (123) The filename, directory name, or volume label syntax is incorrect."
- The Reflection Key agent now supports multiple concurrent connections from a single emulator.
Resolved Issues
- This service pack removes corrupted display driver information from the Help > About Reflection display.
- When an unknown host key fingerprint message is displayed, it is now shows the host key in "ssh-rsa" format, which matches the format used in Reflection for Secure IT servers.
Security Fixes
This service pack includes fixes for the following reported security vulnerabilities:
- CVE-2014-0224 (TLS/SSL MITM) - This service pack fixes a vulnerability in OpenSSL that could allow an attacker with a man-in-the-middle vantage point on the network to decrypt or modify traffic.
- CVE-2014-5211 - Attachmate Reflection FTP Client Stack Buffer Overflow Remote Code Execution Vulnerability
- CVE-2014-0605 - Attachmate Reflection Secure FTP Client ActiveX Control Remote Code Execution Vulnerability
- CVE-2014-0604 - Attachmate Reflection Secure FTP Client ActiveX Control Remote Code Execution Vulnerability
- CVE-2014-0603 - Attachmate Reflection Secure FTP Client ActiveX Control Multiple Memory Corruption Remote Code Execution Vulnerabilities and Attachmate Reflection Pro FTP ActiveX Control Untrusted Pointer Dereference Remote Code Execution Vulnerability
Reflection FTP Client 14.1 SP4
- This service pack resolves a problem that can cause a Reflection FTP Client application error when you are connected to a server and perform actions on the file system after viewing the Site Properties dialog box.
Additional Information
Legacy KB ID
This document was originally published as Attachmate Technical Note 2765.