similar to: FreeBSD Security Advisory: FreeBSD-SA-99:03.ftpd REISSUED

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:03 Security Advisory FreeBSD, Inc. Topic: Two ftp daemons in ports vulnerable to attack. Category: ports Module: wu-ftpd and proftpd

---------- Forwarded message ---------- Date: Fri, 22 Oct 1999 20:30:27 -0700 (PDT) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: CA-99-13: wu-ftpd upgrade available ATTENTION: All users of Slackware 4.0 and Slackware-current REGARDING: CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD The recent CERT advisory reporting multiple

The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you: 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. These instructions are incomplete and may result in a system that is unbootable. After updating the RPM files, you should also: (1) run mkinitrd to create a new initial ramdisk image

---------- Forwarded message ---------- Date: Sat, 23 Oct 1999 22:11:13 -0700 (PDT) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: CA-99-13: minimal fix for Slackware 3.5 through 4.0 Regarding the recent CERT advisory about WU-FTPD: An alternative minimal fix is available for Slackware versions 3.5, 3.6, 3.9, and 4.0. Users can download this and

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: --------------------------------------------------------------------- 1. Topic: Various computer security groups have

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:12.ftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in ftpd(8) Category: core Module: ftpd Announced:

Package: logcheck Version: 1.2.34 Severity: normal the patterns for pure-ftpd in ignore.d.server are not matching a user with a trailing whitespace. here a some examples: Feb 18 13:02:33 web1 pure-ftpd: (stupid-pure-ftpd @84.56.131.73) [NOTICE] /example/example.txt downloaded (5908 bytes, 152196.03KB/sec) Feb 18 13:16:14 web1 pure-ftpd: (stupid-pure-ftpd @84.56.131.73) [INFO] Logout. every

Package: logcheck Version: 1.2.69 Severity: normal In the file /etc/logcheck/ignore.d.server/wu-ftpd ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ should be ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ There is a number after "wu-ftpd" -- System

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:33 Security Advisory FreeBSD, Inc. Topic: globbing vulnerability in ftpd Category: core Module: ftpd/libc Announced: 2001-04-17 Credits:

You could use ktrace(1) to determine what the ftpd daemon is actually doing. rh> Is the user's shell listed in /etc/shells? It must be there for ftpd to rh> let them in. vt> I run FreeBSD 4.3-STABLE machine. I use ftpd for ftp server daemon. It has vt> very strange behavior with one of user accounts on my machine. Every one user

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: wu-ftpd vulnerability Advisory number: CSSA-2000-020.0 Issue date: 2000 June, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is

Hi, anyone successfully compiled http://download.pureftpd.org/pub/pure-ftpd/snapshots/pure-ftpd-1.0.22.tar.bz2 Thanks, David

Hi! I'm kind new to linux, I just got my server with CentOS 3.1 installed I'm trying to install a ftp server to upload files, but the wu-ftpd 2.6.2 doesn't work with autoconfigure nor with ./build lnx ./build install got error missing bin/ftpd can you tell me step by step howto install o should I user another ftp server... thanks for your help Fernando

I did try that, but had difficulties in compiling it from source-- it's not in the yum repositories (either CentOS or Dag Wieers). -- Jay Chandler Network Administrator, Chapman University 714.628.7249 / chandler at chapman.edu Ethernet, n. What one uses to catch the Etherbunny. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of

Ran into a weird problem, and this seemed a good forum to toss it out into -- if I've gaffed, please let me know. Just upgraded my RH5.0 box to RH5.2. Went well, worked nearly seamlessly. When running 5.0, though, I'd installed the opie-fied ftpd that comes with the most recent opie package (ftp://ftp.inner.net/pub/opie/opie-2.32.tar.gz) and had it work without a hitch. I'd also

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

Greetings all, I'm needing to set up a new ftp server which will primarily be a public server (i.e. "anonymous" logins). I'll also need to set up some "group" logins for controlled "incoming" access (doesn't _have_ to be on the same sever). Aside: I can't see a (mini-)HOWTO on public ftp server setup - is there really not one? Given the recent

hi guys, im trying to backup a cpanel server and made a list in the file with the directories and files to be backed up and also another file with the excluded dir/file list. For some reason when an account is deleted from the server then when rsync is backing it up is not removing this account directory and files. Any idea what could be the problem? Im using version 2.6.8 protocol version

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: proftpd-1.2.0pre6 and earlier Date: Thu Sep 16 20:59:18 CEST 1999 Affected: all UNIX platforms using proftpd ______________________________________________________________________________ A

Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states: ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles