The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Debian: Security flaw in FSP


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sat, 28 Nov 1998 16:37:01 -0500
From: Vanja Hrustic <[email protected]>
To: [email protected]
Subject: Debian: Security flaw in FSP

This was posted on Freshmeat.net two days ago. Haven't seen it on Bugtraq.

"The fsp package introduces a possible security flaw. When the fsp package
is installed it adds the ftp user without prompting the admin. This can
enable anonymous FTP if you use the standard ftp or wu-ftpd as your FTP
daemon. If you have have installed fsp and a FTP daemon and do not want to
have anonymous FTP enabled you should remove the ftp account. Please note
that if you use proftpd as the FTP daemon this flaw will not affect you,
since it required one to enable anonymous FTP manually.

There are fixed packages available (2.71-10) which *do not* remove the FTP
user, you will have to do this manually."

ftp://ftp.debian.org/pub/debian/dists/proposed-updates/


Vanja Hrustic
Information Systems Manager
Siam Relay Ltd.
Phone: +662-713-5130
Fax  : +662-713-5132

http://www.siamrelay.com - Siam Relay Ltd. - Security & E-Commerce
http://safer.siamrelay.com - Security Alert For Enterprise Resources

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру