From owner-freebsd-security  Fri Jun 23  7:58:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fling.sanbi.ac.za (fling.sanbi.ac.za [196.38.142.119])
	by hub.freebsd.org (Postfix) with ESMTP id 3E48237B913
	for <security@freebsd.org>; Fri, 23 Jun 2000 07:58:24 -0700 (PDT)
	(envelope-from johann@egenetics.com)
Received: from johann by fling.sanbi.ac.za with local (Exim 3.13 #4)
	id 135Ut6-0003ef-00; Fri, 23 Jun 2000 16:56:56 +0200
Date: Fri, 23 Jun 2000 16:56:56 +0200
From: Johann Visagie <johann@egenetics.com>
To: Fernando Schapachnik <fpscha@via-net-works.net.ar>
Cc: security@FreeBSD.ORG
Subject: Re: Passive FTP ports in ProFTPd
Message-ID: <20000623165656.D13039@fling.sanbi.ac.za>
References: <200006231348.KAA07596@ns1.via-net-works.net.ar>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200006231348.KAA07596@ns1.via-net-works.net.ar>; from fpscha@ns1.via-net-works.net.ar on Fri, Jun 23, 2000 at 10:48:40AM -0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Fernando Schapachnik on 2000-06-23 at 10:48:40 -0300:
> 
> 	I switched to ProFTPd due to the wu-ftpd exploit posted today. 

Despite the fact that ProFTPd is advertised as secure, it has had several
security scares and is generally regarded (at least among the people I to
talk to) as being a bad choice from a security perspective.

See for instance what Dan Bernstein has to say about it:
  http://cr.yp.to/publicfile.html   (3/4 way down the page)

-- V


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message