On Tue, 28 Nov 2000 09:50:30 +0100, you wrote:
Is it secure the following ftpd:
220 xxxx FTP server (Version 6.4/OpenBSD/Linux-ftpd-0.16) ready ???
I've had a look at some databases. Here is the result:

As shipped with SuSE 6.4, it IS vulnerable.

Bugtraq: Multiple Vendor ftpd setproctitle() Format String Vulnerability
http://www.securityfocus.com/vdb/bottom.html?vid=1425

SuSE:
http://www.suse.com/de/support/security/suse_security_announce_57.txt

This is the latest nkitb, which is the rpm you have to install to patch yourself:

----------------------------------------------------------------------
File:     nkitb-2000.10.4-0.i386.rpm
Version:  2000.10.4
Size:     672 kB
Date:     Wed 04 Oct 2000 01:19:25 PM CEST
Source:   nkitb-2000.10.4-0.src.rpm
Security: Yes
----------------------------------------------------------------------
Description: Security fix for traceroute

What I'm missing here in the description is the ftp patch. I suppose the description only talks about the latest modification in nkit. Perhaps it would be better to list ALL patches included _since_ the ORIGINAL shipped package. For instance, the description above doesn't list the ftp patch.

I've installed the new package, but I cannot see if ftpd is updated, since the ftpd banner remains intact.

Regards.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~