Date: Sun, 8 Jun 1997 22:56:06 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: darkstar@telcentral.net (Mark Rollings) Cc: dg@root.com, yossman@yoss.canweb.net, security@FreeBSD.ORG Subject: Re: ftpd security weakness on FreeBSD (fwd) Message-ID: <199706090256.WAA23765@homeport.org> In-Reply-To: <3.0.32.19970608210325.009c66a0@mail.telcentral.net> from Mark Rollings at "Jun 8, 97 09:03:28 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Rollings wrote: | Above any of the below mentioned deficiencies in the ftpd, CERT recently | released an advisory on the ftpd for practically all OS's. The replacement | mentioned below is not satisfactory in order to properly prevent attacks | covered in the advisory. wu-ftp-2.4.2-beta-13 is the correct ftpd to | compile for FreeBSD based machines. The advisory can be found in complete | form at CERT. www.cert.org. Could I suggest that the FTPd from logdaemon, which is small, feature poor, and probably more secure than WU-ftpd would be a more appropriate default? People who need the functionality of WU can install it, those that dont't get a smaller, more appropriate tool. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706090256.WAA23765>