Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 11 Feb 2001 10:50:37 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        "siberian.org" <siberian@siberian.org>
Cc:        Dominic Marks <dominic_marks@hotmail.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Secure Servers (SMTP, POP3, FTP)
Message-ID:  <20010211105037.C52522@mollari.cthul.hu>
In-Reply-To: <5.0.0.25.2.20010211101800.00a68bd0@207.126.116.40>; from siberian@siberian.org on Sun, Feb 11, 2001 at 10:19:42AM -0800
References:  <F55PFTg4bPYkAOt67zL00011da9@hotmail.com> <5.0.0.25.2.20010211101800.00a68bd0@207.126.116.40>

next in thread | previous in thread | raw e-mail | index | archive | help

--HG+GLK89HZ1zG0kk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 11, 2001 at 10:19:42AM -0800, siberian.org wrote:
> I use ncftpd. No one talks much about it, are there inherent problems wit=
h=20
> it? I've found it to be reliable, configurable and flexible so I hope I'm=
=20
> not missing something...

It's impossible to say because it's closed source.  It hasn't received
much attention from the white-hat community because it's almost
impossible to audit for this reason, but someone with serious time or
inclination to break lots of ncftpd servers might well be able to turn
up security problems using a debugger or disassembler.

Kris

--HG+GLK89HZ1zG0kk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6ht78Wry0BWjoQKURAnuFAKDJYmhdgMxmQJxX1+wuSfXqSINzngCdF+1c
ren9a6oNu9BuWc/z4ZMsMrU=
=hEHP
-----END PGP SIGNATURE-----

--HG+GLK89HZ1zG0kk--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010211105037.C52522>