Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Debian: Security flaw in FSP

From: vanja () SIAMRELAY COM (Vanja Hrustic)
Date: Sat, 28 Nov 1998 16:37:01 -0500

This was posted on Freshmeat.net two days ago. Haven't seen it on Bugtraq.

"The fsp package introduces a possible security flaw. When the fsp package
is installed it adds the ftp user without prompting the admin. This can
enable anonymous FTP if you use the standard ftp or wu-ftpd as your FTP
daemon. If you have have installed fsp and a FTP daemon and do not want to
have anonymous FTP enabled you should remove the ftp account. Please note
that if you use proftpd as the FTP daemon this flaw will not affect you,
since it required one to enable anonymous FTP manually.

There are fixed packages available (2.71-10) which *do not* remove the FTP
user, you will have to do this manually."

ftp://ftp.debian.org/pub/debian/dists/proposed-updates/


Vanja Hrustic
Information Systems Manager
Siam Relay Ltd.
Phone: +662-713-5130
Fax: +662-713-5132

http://www.siamrelay.com - Siam Relay Ltd. - Security & E-Commerce
http://safer.siamrelay.com - Security Alert For Enterprise Resources
Previous By Date Next
Previous By Thread Next

Current thread: