Subject: Re: [suse-security] strange ftp-scan
From: Stefan Suurmeijer (stefansymbolica.nl)
Date: Sat Oct 07 2000 - 07:12:16 CDT


On Sat, 7 Oct 2000, semat wrote:

> Well if I remember well there was also a security advisory recently about
> proftp and how remote users could gain root privileges. I think so far
> the only one that hasn't had any has been the one from OpenBSD it comes
> with suse. Try it out.
>

There was a security advisory about just about every ftp daemon, with all
this format string s*** going around. The latest release of proftpd is
supposed to be safe, and it's pretty good. Anyone using wuftpd after about
9 straight years of continual holes is probably suicidal (that brings to
mind, is it still DeadRat's default ftp package? You do the math ;-))

If you need fast and safe (anonymous) ftp though, look at ncftpd
(www.ncftp.com). Unfortunately not open source, but the best ftp daemon I
know. If you're an educational site you can get it free, if you only
need 3 concurrent users it's free as well.

greetz

Stefan

>

==========================================
Stefan Suurmeijer
Network Specialist
University of Groningen
tel: (++31) 50 363 3423
fax: (++31) 50 363 7272
E-mail (business): s.m.suurmeijerrc.rug.nl
E-mail (private): stefansymbolica.nl
==========================================

Quidquid id est, timeo Microsoftum et dona ferentis
(Whatever it is, I fear Microsoft, even when they are bringing gifts)

Who is General Failure, and why is he reading my harddisk?
