From owner-freebsd-security  Sun Feb 11 10:51:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241])
	by hub.freebsd.org (Postfix) with ESMTP id 01B2237B491
	for <freebsd-security@FreeBSD.ORG>; Sun, 11 Feb 2001 10:51:08 -0800 (PST)
Received: from xor.obsecurity.org ([63.207.60.67])
 by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9)
 with ESMTP id <0G8L0057DW7TOK@mta5.snfc21.pbi.net> for
 freebsd-security@FreeBSD.ORG; Sun, 11 Feb 2001 10:47:53 -0800 (PST)
Received: by xor.obsecurity.org (Postfix, from userid 1000) id BB85966B09; Sun,
 11 Feb 2001 10:50:37 -0800 (PST)
Date: Sun, 11 Feb 2001 10:50:37 -0800
From: Kris Kennaway <kris@obsecurity.org>
Subject: Re: Secure Servers (SMTP, POP3, FTP)
In-reply-to: <5.0.0.25.2.20010211101800.00a68bd0@207.126.116.40>; from
 siberian@siberian.org on Sun, Feb 11, 2001 at 10:19:42AM -0800
To: "siberian.org" <siberian@siberian.org>
Cc: Dominic Marks <dominic_marks@hotmail.com>,
	freebsd-security@FreeBSD.ORG
Message-id: <20010211105037.C52522@mollari.cthul.hu>
MIME-version: 1.0
Content-type: multipart/signed; micalg=pgp-md5;
 protocol="application/pgp-signature"; boundary="HG+GLK89HZ1zG0kk"
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <F55PFTg4bPYkAOt67zL00011da9@hotmail.com>
 <5.0.0.25.2.20010211101800.00a68bd0@207.126.116.40>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--HG+GLK89HZ1zG0kk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 11, 2001 at 10:19:42AM -0800, siberian.org wrote:
> I use ncftpd. No one talks much about it, are there inherent problems wit=
h=20
> it? I've found it to be reliable, configurable and flexible so I hope I'm=
=20
> not missing something...

It's impossible to say because it's closed source.  It hasn't received
much attention from the white-hat community because it's almost
impossible to audit for this reason, but someone with serious time or
inclination to break lots of ncftpd servers might well be able to turn
up security problems using a debugger or disassembler.

Kris

--HG+GLK89HZ1zG0kk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6ht78Wry0BWjoQKURAnuFAKDJYmhdgMxmQJxX1+wuSfXqSINzngCdF+1c
ren9a6oNu9BuWc/z4ZMsMrU=
=hEHP
-----END PGP SIGNATURE-----

--HG+GLK89HZ1zG0kk--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message